Information Security Policy
Last updated on [DATE].
Authority:
We, Monstarlab Enterprise Solutions Limited (MLES), an independent entity under the esteemed Monstarlab Lab Holdings Inc., registered in Bangladesh and having the registered address at Floor 5th, Plot 4, Mohakhali C/A, Gulshan, Dhaka 1212. You can contact us at: [email address]. Here by “MLES”/ “we,” “us,” and “our,” we mean Monstarlab Enterprise Solutions Limited (MLES) and anyone who visits or accesses this website is referred as “you, your, user”,
Purpose Statement:
We provide comprehensive enterprise solutions, specializing in financial advisory. Our tailored services optimize business functions, strategically reducing costs, and fostering growth. With expertise in time-shared services, ERP consulting, and robust cybersecurity, we ensure seamless productivity and safeguard critical assets. Committed to service excellence, we prioritize information security.
The Information Security Policy outlines our commitment to safeguarding confidentiality, integrity, and availability of information on the MLES website, aligning with our dedication to technology-driven excellence and maintaining the safety of all assets.
Information Statement:
We are fully aware of the importance of maintaining the availability, confidentiality and integrity of information related to the company, our employees, clients and other partners and stakeholders while considering Accountability and Non-repudiation through our Information Security policy. Therefore, we have established and set up an information management system to protect all necessary assets.This policy encompasses all systems, automated and manual, for which the entity has administrative responsibility, including systems managed or hosted by third parties on behalf of the entity. It addresses all information, regardless of the form or format, which is created or used in support of business activities.
Our Approach:
In adherence to international standards, we proudly hold ISO 27001 certification, ensuring an effective Information Security Management System (ISMS). Our information security approach prioritizes safeguarding data confidentiality, integrity, and availability. We continually identify, assess, and manage risks, conduct regular IT audits, and uphold IT governance through relevant standards. Proactive measures prevent security incidents, protect reputations, and ensure compliance with legal obligations, regulations, and data privacy requirements. Our commitment aims to establish us as a trustworthy and dependable partner for our clients. Establishing ourselves as a robust and dependable partner for our clients.
Security Measures: To ensure the security and confidentiality of any information that we handle as a company or on behalf of clients, partners and stakeholders, we have adopted the following principles:
To fulfill our goals in the information security area, we have implemented policies to cover all important parts of information security. Adopted Information Security Management System and implemented adequate tools, we ensure that all employees, contractors and partners are aware of their individual responsibility to maintain and ensure high standards of information security.
System Security: Systems encompass servers, platforms, networks, communications, databases, and software applications. Our responsibility for maintenance/administration is assigned centrally. We-
Databases and Software: In order to ensure the security of our database and Software system, we have Implemented secure coding, protect classified test data, use production data with documented approval, avoid storing source code, remove non-essential scripts, restrict privileged access, and document migration processes for software transfer.
Network Systems: For robust network security, we authorize and document system connections, annually reviewing their validity. Our network architecture incorporates tiered segmentation, and management is exclusively performed from a secure network. Authentication is enforced for users and devices accessing internal systems, while network traffic capture is limited to authorized entities. Additionally, we conduct risk assessments before implementing significant network changes.
Account Management & Access Control: We follow the standard procedure for account management and access control which covers:
Data Encryption
Sensitive information, encompassing user data and login credentials, transmitted via the MLES website, is mandated to undergo encryption. This process shall adhere to secure and widely accepted encryption protocols.
Incident Response
We have established an incident response plan to address security incidents related to the website promptly. All personnel must report any suspicious activity or security incidents immediately. In case of any incident of breach, please contact our dedicated team at : [ email address].
Regular Security Audits
Periodic security audits and assessments of the MLES website shall be conducted to identify vulnerabilities and ensure compliance with security policies.
Review and Updates
This Information Security Policy shall be reviewed periodically to ensure its relevance and effectiveness. We reserve the right to make updates as necessary to address emerging threats and changes in technology.
Contact Information
For questions or concerns regarding this Information Security Policy, please contact the MLES Information Security Team at [Contact Information].
By using the MLES website, all users acknowledge and agree to comply with this Information Security Policy.