Our Information Security Policy

Effective Date: 31.07.2024

Commitment Statement: At MULTI-ME Ltd., we are committed to upholding the highest standards of information security to protect the valuable information assets entrusted to us by our clients, partners, and stakeholders. We recognise the critical importance of safeguarding these assets to maintain trust and ensure the continuity of our services. This Information Security Policy establishes a framework of principles, guidelines, and responsibilities designed to ensure the confidentiality, integrity, and availability of all information assets within our organisation. We are dedicated to continually improving our security measures, complying with all relevant legal and regulatory requirements, and fostering a culture of security awareness among our employees.

1. Introduction

MULTI-ME LTD recognises the critical importance of safeguarding information assets to maintain trust with our clients, partners, and stakeholders. This Information Security Policy outlines the principles, guidelines, and responsibilities for ensuring the confidentiality, integrity, and availability of all information assets within the organisation.

2. Scope

This policy applies to all employees, contractors, vendors, and third parties who have access to MULTI-ME LTD's information assets, including but not limited to:

  • Software products and source code

  • Customer data and personal information

  • Financial records and business-sensitive information

  • Intellectual property and trade secrets

3. Security Objectives

MULTI-ME LTD is committed to achieving the following security objectives:

  • Protecting sensitive information against unauthorised access, disclosure, alteration, or destruction.

  • Ensuring the availability and reliability of our SaaS platform and services.

  • Complying with relevant legal and regulatory requirements, including GDPR, HIPAA, and industry-specific standards.

  • Promoting a culture of security awareness and continuous improvement throughout the organisation.

These objectives will be reviewed periodically to ensure they remain relevant and aligned with the company’s evolving risk landscape.

4. Information Security Controls

4.1. Access Control

  • Access to sensitive information and systems shall be granted on a need-to-know basis and follow the principle of least privilege.

  • User accounts and access privileges shall be reviewed regularly (e.g., quarterly) and updated as necessary.

  • Multi-factor authentication shall be implemented for accessing critical systems and applications.

4.2. Data Protection

  • Customer data shall be encrypted both in transit (using secure protocols such as HTTPS and VPNs) and at rest using industry-standard encryption algorithms.

  • Data classification shall be enforced to identify and protect sensitive information appropriately.

  • Regular data backups shall be conducted to ensure data integrity and availability in case of incidents.

4.3. Security Awareness Training

  • All employees shall receive security awareness training upon onboarding and periodically thereafter, including compliance with relevant legal and regulatory requirements.

  • Training materials and resources shall be provided to educate employees on security best practices, including phishing awareness and social engineering tactics.

4.4. Incident Response

  • An incident response plan shall be developed and maintained to promptly detect, respond to, and recover from security incidents.

  • All security incidents shall be reported immediately to the designated incident response team for investigation and resolution.

5. Compliance and Monitoring

5.1. Compliance

  • Compliance with this policy and related security procedures is mandatory for all employees and contractors.

  • Any violations of this policy shall result in disciplinary action, which may include termination of employment or contract, and legal action if necessary.

5.2. Monitoring and Review

  • Regular security audits, risk assessments, and compliance reviews shall be conducted to evaluate the effectiveness of security controls. These will be managed by the Information Security Officer (ISO) or a designated team.

  • This policy shall be reviewed annually and updated as necessary to reflect changes in technology, regulations, or business operations.

6. Responsibilities

All employees, contractors, and stakeholders are responsible for:

  • Adhering to this Information Security Policy and related security procedures.

  • Reporting any security concerns, vulnerabilities, or incidents to the appropriate authorities.

  • Participating in security awareness training and education programmes provided by MULTI-ME LTD.

  • Proactively engaging in identifying potential security improvements or reporting risks.

7. Enforcement and Compliance

All staff members are required to adhere to the information security policies and procedures outlined by the organisation. Compliance with these policies is mandatory to protect our information assets and ensure the integrity, confidentiality, and availability of our data. Non-compliance may result in disciplinary action, up to and including termination of employment.

8. Contact Information

For questions or concerns regarding this policy, please contact the Information Security Officer at privacy@multime.com.