GDPR Compliant
The General Data Protection Regulation (GDPR) is an EU privacy law that came into effect on May 25, 2018. It increased restrictions on what organisations can do with your data, as well as extended your rights to access and control how your personal data is used. If you want to know more about our GDPR compliance, please click Read more.
Read more
ISO 27001
MELP makes no compromises when it comes to keeping our clients' information secure. Therefore, we are proud to be certified to ISO/IEC 27001 – the international standard that describes best practice for an information security management system (ISMS). Achieving accredited certification to ISO/IEC 27001 demonstrates that MELP has been granted an independent, expert assessment of the adequate protection of our clients' data. For a better understanding of our approach towards information security and data protection, please click Read more.
Read more
AWS
MELP hosts data in one of the most reliable and secure cloud services worldwide – Amazon Web Services (AWS). Amazon’s data centers maintain the highest security requirements and have several layers of physical and operational security. AWS is designed to satisfy data security requirements for privacy-sensitive organizations.
2FA authentication
As an additional security layer to reduce exposure to fraud and to data and identity loss, MELP uses 2-factor authentication (2FA), provided by Amazon Cognito. Amazon Cognito complies with the HIPAA, PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 standards.
Professional indemnity insurance at Lloyd’s
Our Professional Indemnity is insured for the amount of 1 million EUR by the world's leading specialist insurance market, Lloyd’s, which has financial strength ratings of A+ (Strong) by Standard & Poor's, AA- (Very Strong) by Fitch Ratings and A (Excellent) by A.M. Best.
Software security
Infrastructure
AWS resources are configured according to the CIS AWS Foundations Benchmark.
Reliability
We have designed our infrastructure to be highly available and fault-tolerant. To achieve this, we have applied industry best practices such as the AWS Well-Architected Framework.
Data centres
Our server infrastructure is hosted within multiple Amazon Web Services (AWS) data centers in the Dublin region, Ireland.
Isolated environments
Our production environment is fully separated from other environments that we use for development and testing – we use a separate AWS account.
Backups
Cross-account and cross-region automated backup policies are in place to keep customer data backed up in multiple AWS accounts and multiple AWS regions within the EU (Ireland and Germany).
Networking
The network is isolated from the outside. Administrative access is only possible via an encrypted connection and only for eligible personnel.
Employee access
Access for engineering personnel and software components is managed according to the principle of least privilege, with tight security groups and IAM policies.
System monitoring and alerting
Proactive monitoring tools are used for regression and threat monitoring (GuardDuty, Security Hub, CloudTrail).
Frequently asked questions
Learn More