Melbikomas UAB implement information security management to prevent incidents that could damage the reputation of the organization and undertake to:
- Ensure the protection of the organization’s information and information technology.
- Ensure information security in line with operational requirements and relevant laws and regulations.
- Manage information security in the organization.
- Achieve and maintain protection of the organization’s assets.
- Avoid unauthorized physical access, loss and disruption to the organization’s operations and information.
- Ensure that information security incident management is consistent and effective.
- Avoid loss, damage, theft or defect of property and business interruptions.
- Ensure accurate and secure operation of information processing tools.
- Maintain the integrity and readiness of information and information processing tools.
- Prevent unauthorized access to information stored in information systems.
- Seek cooperation with suppliers who follow information security standards.
- Ensure that security is an integral part of information systems.
- Supervise the information security system ensuring compliance with the requirements of ISO/IEC 27001:2013.
- Carry out periodic risk assessments to identify the need for further action.
- Periodically change passwords for existing information systems in the organization.
- Strive for continuous improvement of information security management.
Top management ensures that the information security policy:
a) is applicable to the purpose of the organization;
b) includes a commitment to comply with the established information security goals structure and defined general direction and principles of activity;
c) includes a commitment to comply with legal and other requirements;
d) is coordinated with the strategic risk management context of the organization, including the development and maintenance of information security system;
e) is available to all employees of the organization and external parties;
f) all the objectives are reviewed at least once a year.
Based on the above policy was adopted specific information security objectives, the implementation of which is consistently considered in the systematic review by the company's management.