Information Security Policy

Last updated on [DATE]. 

Authority:
We, Monstarlab Enterprise Solutions Limited (MLES), an independent entity under the esteemed Monstarlab Lab Holdings Inc., registered in Bangladesh and having the registered address at Floor 5th, Plot 4, Mohakhali C/A, Gulshan, Dhaka 1212. You can contact us at: [email address]. Here by “MLES”/ “we,” “us,” and “our,” we mean Monstarlab Enterprise Solutions Limited (MLES) and anyone who visits or accesses this website is referred as “you, your, user”,

Purpose Statement:

We provide comprehensive enterprise solutions, specializing in financial advisory. Our tailored services optimize business functions, strategically reducing costs, and fostering growth. With expertise in time-shared services, ERP consulting, and robust cybersecurity, we ensure seamless productivity and safeguard critical assets. Committed to service excellence, we prioritize information security.

The Information Security Policy outlines our commitment to safeguarding confidentiality, integrity, and availability of information on the MLES website, aligning with our dedication to technology-driven excellence and maintaining the safety of all assets.

Information Statement:

We are fully aware of the importance of maintaining the availability, confidentiality and integrity of information related to the company, our employees, clients and other partners and stakeholders while considering Accountability and Non-repudiation through our Information Security policy. Therefore, we have established and set up an information management system to protect all necessary assets.This policy encompasses all systems, automated and manual, for which the entity has administrative responsibility, including systems managed or hosted by third parties on behalf of the entity. It addresses all information, regardless of the form or format, which is created or used in support of business activities.

Our Approach:

In adherence to international standards, we proudly hold ISO 27001 certification, ensuring an effective Information Security Management System (ISMS). Our information security approach prioritizes safeguarding data confidentiality, integrity, and availability. We continually identify, assess, and manage risks, conduct regular IT audits, and uphold IT governance through relevant standards. Proactive measures prevent security incidents, protect reputations, and ensure compliance with legal obligations, regulations, and data privacy requirements. Our commitment aims to establish us as a trustworthy and dependable partner for our clients. Establishing ourselves as a robust and dependable partner for our clients.

Security Measures: To ensure the security and confidentiality of any information that we handle as a company or on behalf of clients, partners and stakeholders, we have adopted the following principles:

• Risk Management: Operate a risk management process that works effectively in identifying potential and existing risks and also helps us to manage, isolate, reduce and eliminate such information security risks.
• Continuous Improvement: Implementing policies and procedures to support, manage, regulate and ensure the effectiveness of the Information Security Management System and ensure continuous improvement of the system.
• Ensuring compliance: Complying with all applicable legal and regulatory IT security requirements and obligations.
• Effective Communication: Ensuring proper and adequate communication regarding information security requirements and relevant policies with all relevant parties including training and learning programs for internal staff. 

To fulfill our goals in the information security area, we have implemented policies to cover all important parts of information security. Adopted Information Security Management System and implemented adequate tools, we ensure that all employees, contractors and partners are aware of their individual responsibility to maintain and ensure high standards of information security. 

System Security: Systems encompass servers, platforms, networks, communications, databases, and software applications. Our responsibility for maintenance/administration is assigned centrally. We-

• Implement controls based on data classification for each system.
• Synchronize system clocks to UTC using centralized reference time sources.
• Establish environments/test plans for system validation pre-production.
• Enforce separation of environments (development, test, QA, production).
• Develop and enforce formal change control procedures for all systems.

Databases and Software: In order to ensure the security of our database and Software system, we have Implemented secure coding, protect classified test data, use production data with documented approval, avoid storing source code, remove non-essential scripts, restrict privileged access, and document migration processes for software transfer.

Network Systems:  For robust network security, we authorize and document system connections, annually reviewing their validity. Our network architecture incorporates tiered segmentation, and management is exclusively performed from a secure network. Authentication is enforced for users and devices accessing internal systems, while network traffic capture is limited to authorized entities. Additionally, we conduct risk assessments before implementing significant network changes.

Account Management & Access Control: We follow the standard procedure for account management and access control which covers:

• Access Control: Access to systems requires individually assigned unique identifiers (user-IDs).
• Authentication Tokens: User-IDs are associated with authentication tokens (e.g., password, key fob, biometric) for identity verification.
• Session Locking: Implement automated techniques to lock sessions and require authentication after inactivity.
• Session Termination: Implement automated techniques to terminate sessions based on predefined conditions.
• Access Privileges: Information owners determine access to protected resources and privileges based on responsibilities.
• Least Privilege Principle: Access privileges granted according to the user’s job responsibilities and limited to tasks necessary for entity missions and business functions.
• Logon Banners: Implement logon banners on systems to inform users about approved use, monitoring, and no expectation of privacy.
• Managed Points-of-Entry: All remote connections must go through managed points-of-entry reviewed by the ISO/designated security representative.

Data Encryption
Sensitive information, encompassing user data and login credentials, transmitted via the MLES website, is mandated to undergo encryption. This process shall adhere to secure and widely accepted encryption protocols.

Incident Response
We have established an incident response plan to address security incidents related to the website promptly. All personnel must report any suspicious activity or security incidents immediately. In case of any incident of breach, please contact our dedicated team at : [ email address].

Regular Security Audits

Periodic security audits and assessments of the MLES website shall be conducted to identify vulnerabilities and ensure compliance with security policies.

Review and Updates

This Information Security Policy shall be reviewed periodically to ensure its relevance and effectiveness. We reserve the right to make updates as necessary to address emerging threats and changes in technology.

Contact Information

For questions or concerns regarding this Information Security Policy, please contact the MLES Information Security Team at [Contact Information].

By using the MLES website, all users acknowledge and agree to comply with this Information Security Policy.