Information Security Management System Policy

At Melita & Partners, we uphold the policy to protect information in all forms – written, spoken, digitally recorded or printed – from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle. This commitment complies with the international standard ISO/IEC 27001:2022. To ensure comprehensive protection, we implement appropriate security measures for equipment and software involved in the processing, storage and transmission of information.

Additionally, our information security risk management practices adhere to the guidelines set forth in the ISO/IEC 27005:2018 standard. Following these internationally recognized methodologies, we prioritize the confidentiality, integrity and availability of our valuable information assets.

Specifically, the Melita & Partners ISMS is based on ISO/IEC 27001:2022 requirements and is integrated with the quality management system based on ISO 9001:2015.

The objective of Melita & Partners is to assess and validate the commitment to maintaining the confidentiality, integrity and availability of information in professional services, accounting, financial advice and consultancy, as well as the exchange of information, both within the organization and with external entities. This is achieved through a robust business continuity and traceability process that takes into account cybersecurity and privacy concerns.

All policies and procedures must be documented and made available to individuals responsible for their implementation and compliance. All activities identified by policies and procedures must also be documented. All documentation, which may be in electronic form, must be retained for at least 6 (six) years after initial creation or, in relation to policies and procedures, after changes. All documentation must be reviewed periodically to ensure adequacy, with the review period to be determined by the Melita & Partners ISO Team.

Each department and/or unit will formulate additional policies, standards and procedures to explain the implementation of this policy and the set of established standards. These instructions will also address any additional functionality specific to each department's information systems. It is essential that all departmental policies align with this overarching policy. For any system introduced after the effective date of these policies, compliance with the provisions of this policy is expected, to the extent possible. Existing systems are also expected to be brought into compliance as soon as possible and practical.


Scope

The field of information security includes the protection of confidentiality, integrity and availability of all information processed and stored by Melita & Partners.

The methodology for information security management in this policy is applicable to all units, workers, other contractors involved and all systems involved in Melita & Partners.

This policy and all standards apply to all protected information and other classes of protected information in any form as defined in the approved Information Classification Matrix at Melita & Partners.

The ISMS of Melita & Partners is based on ISO/IEC 27001:2022 requirements and is integrated with the quality management system based on ISO 9001:2015.

The policy of our organization serves to:

  1. Ensure that manuals, policies, procedures, instructions and plans are clear and concise to reflect what Melita & Partners is committed to accomplishing;
  2. Monitor and analyze performance metrics and make necessary modifications or adjustments as appropriate affecting Information Classification, Incident Management, Risk Management, Business Continuity and Information, Cyber Security, Privacy and/or any related entities;
  3. Educate all employees about information security, cyber security and privacy;
  4. Ensure effective external and internal communication;
  5. Foster a team approach to problem solving and proactive action by empowering all employees to be quality ambassadors;
  6. Implement and monitor the ISMS in the culture and daily practices of Melita & Partners as a long-term commitment to the quality and protection of the CIA (confidentiality, integrity, availability) of information;
  7. Have the senior management of the organization meet regularly with the ISMS Team representative to review and ensure the effectiveness of the Information Security Management System;
  8. Adopt good information security and data protection practices in terms of protecting the confidentiality, integrity and availability of all processed information;
  9. Comply with local and international legal requirements and other applicable requirements, and continuously improve the performance of the ISMS accordingly;
  10. Continually improve the information security and continuity plan, aiming to increase the effectiveness of the ISMS and information continuity requirements.


The management of Melita & Partners is responsible for ensuring that the Information Security Management System Policy:

  • Is appropriate for the purpose of the organization;
  • Contains a continuous commitment to constantly improve the effectiveness of the Integrated Management System to ensure conformity and compliance with Laws, Regulations, Administrative Instructions and Standards in Force;
  • Establishes a framework for creating and further revising the objectives of the Information Security Management System;
  • Is communicated regularly within management and understood within the organization; and
  • Is regularly reviewed to ensure that it remains appropriate.


The ISO team is responsible for ensuring that the Information Security Management System Policy is reviewed during the Management Review process.
