The General Data Protection Regulation (GDPR) is an EU privacy law that came into effect on May 25, 2018. It increased restrictions on what organisations can do with your data, as well as extended your rights to access and control how your personal data is used. If you want to know more about our GDPR compliance, please click Read more.Read more
MELP makes no compromises when it comes to keeping our clients‘ information secure. Therefore, we are proud to be certified ISO/IEC 27001 – the international standard that describes best practice for an information security management system (ISMS). Achieving accredited certification to ISO/IEC 27001 demonstrates that MELP is granted an independent, expert assessment of the adequate protection of our client‘s data. For a better understanding of our approach towards information security and data protection, please click Read more.Read more
MELP hosts data in one of the most reliable and secure cloud services worldwide – Amazon Web services (AWS). Amazon’s data centers maintain the highest security requirements and have several layers of physical and operational security. It is designed to satisfy data security requirements for privacy-sensitive organizations.
As an additional security layer to reduce the fraud, data, and identity loss exposure, MELP uses 2-factor authentication (2FA), provided by Amazon Cognito. Amazon Cognito complies HIPAA, PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 standards.
Professional indemnity and Cyber Risks insurance at Lloyd’s
Our Professional Indemnity and Cyber Risks are insured for the amount of 1 million EUR by the worldwide leading specialist insurance market Lloyd’s , which has financial strength ratings of A+ (Strong) by Standard & Poor's, AA- (Very Strong) by Fitch Ratings and A (Excellent) by A.M. Best.
AWS resources are configured according to the CIS AWS Foundations Benchmark.
We have designed our infrastructure to be highly available and fault-tolerant. To achieve this, we have applied industry best practices such as the AWS Well-Architected Framework.
Our server infrastructure is hosted within multiple Amazon Web Services (AWS) data centers in the Dublin region, Ireland.
Our production environment is fully separated from other environments that we use for development and testing – we use a separate AWS account.
Cross-account and cross-region automated backup policies are in place to keep customer data backed up in multiple AWS accounts and multiple AWS regions within the EU (Ireland and Germany).
The network is isolated from the outside. Administrative access is only possible via an encrypted connection and for eligible personnel.
Access for engineering personnel and software components is managed according to the principle of least privilege, with tight security groups and IAM policies.
System monitoring and alerting
Proactive monitoring tools are used for regression and threat monitoring (GuardDuty, Security Hub, CloudTrail).
Frequently asked questions