Information Security Policy
Last updated on 10 June, 2024.
Authority
Monstarlab Enterprise Solutions Limited (MLES), also referred to as Monstarlab ES, is a shared service center of member firms of Monstarlab global organizations affiliated with Monstarlab Holdings Inc. from Tokyo, Japan (TYO:5255) and is a limited liability company registered in Bangladesh, with its registered address at Plot No. 5 (2nd Floor), Paragon House, Mohakhali C/A Dhaka, 1212, Bangladesh. You can contact us at +8809613652562 or support@monstarlabes.com. In this policy, “MonstarlabES”, “Monstarlab ES”, “MLES”, “we”, “us” and “our” mean Monstarlab Enterprise Solutions Limited (MLES), and anyone who visits or accesses this website is referred to as “you”, “your” or “user”.
Purpose Statement
Monstarlab Enterprise Solutions is part of the global Monstarlab network and is known for its extensive consulting and advisory services, including financial services, audit, tax, sustainability initiatives and turn-key enterprise solutions such as ERP. It is also known for its robust use of technology, including AI and RPA, and for key differentiators centered on robust cybersecurity, ensuring seamless productivity and safeguarding critical assets. Committed to service excellence, we prioritize information security.
The Information Security Policy outlines our commitment to safeguarding confidentiality, integrity, and availability of information on the MLES website, aligning with our dedication to technology-driven excellence and maintaining the safety of all assets.
Information Statement
We are fully aware of the importance of maintaining the availability, confidentiality and integrity of information related to the company, our employees, clients and other partners and stakeholders, while also considering accountability and non-repudiation through our Information Security Policy. Therefore, we have established an information management system to protect all necessary assets. This policy encompasses all systems, automated and manual, for which the entity has administrative responsibility, including systems managed or hosted by third parties on behalf of the entity. It addresses all information, regardless of form or format, that is created or used in support of business activities.
Our Approach
In adherence to international standards, we proudly hold ISO/IEC 27001 certification, ensuring an effective Information Security Management System (ISMS). Our information security approach prioritizes safeguarding data confidentiality, integrity, and availability. We continually identify, assess, and manage risks, conduct regular IT audits, and uphold IT governance through relevant standards. Proactive measures prevent security incidents, protect reputations, and ensure compliance with legal obligations, regulations, and data privacy requirements. Our commitment aims to establish us as a trustworthy and dependable partner for our clients.
Security Measures
To ensure the security and confidentiality of any information that we handle as a company or on behalf of clients, partners and stakeholders, we have adopted the following principles:
- Risk Management: Operating a risk management process that effectively identifies potential and existing risks and helps us to manage, isolate, reduce and eliminate such information security risks.
- Continuous Improvement: Implementing policies and procedures to support, manage, regulate and ensure the effectiveness of the Information Security Management System and its continuous improvement.
- Ensuring Compliance: Complying with all applicable legal and regulatory IT security requirements and obligations.
- Effective Communication: Ensuring proper and adequate communication regarding information security requirements and relevant policies with all relevant parties, including training and learning programs for internal staff.
To fulfill our goals in the information security area, we have implemented policies covering all important parts of information security. Having adopted an Information Security Management System and implemented adequate tools, we ensure that all employees, contractors and partners are aware of their individual responsibility to maintain and ensure high standards of information security.
System Security
Systems encompass servers, platforms, networks, communications, databases, and software applications. Our responsibility for maintenance/administration is assigned centrally. We:
- Implement controls based on data classification for each system.
- Synchronize system clocks to UTC using centralized reference time sources.
- Establish environments/test plans for system validation pre-production.
- Enforce separation of environments (development, test, QA, production).
- Develop and enforce formal change control procedures for all systems.
Databases and Software
To ensure the security of our database and software systems, we have implemented secure coding, protected classified test data, used production data with documented approval, avoided storing source code, removed non-essential scripts, restricted privileged access, and documented migration processes for software transfer.
Network Systems
For robust network security, we authorize and document system connections, annually reviewing their validity. Our network architecture incorporates tiered segmentation, and management is exclusively performed from a secure network. Authentication is enforced for users and devices accessing internal systems, while network traffic capture is limited to authorized entities. Additionally, we conduct risk assessments before implementing significant network changes.
Account Management & Access Control
We follow the standard procedure for internal account management and access control, which covers:
- Access Control: Access to systems requires individually assigned unique identifiers (user-IDs).
- Authentication Tokens: User-IDs are associated with authentication tokens (e.g., password, key fob, biometric) for identity verification.
- Session Locking: Implement automated techniques to lock sessions and require authentication after inactivity.
- Session Termination: Implement automated techniques to terminate sessions based on predefined conditions.
- Access Privileges: Information owners determine access to protected resources and privileges based on responsibilities.
- Least Privilege Principle: Access privileges are granted according to the user’s job responsibilities and are limited to tasks necessary for entity missions and business functions.
- Logon Banners: Implement logon banners on systems to inform users about approved use, monitoring, and no expectation of privacy.
- Managed Points-of-Entry: All remote connections must go through managed points-of-entry and be reviewed by the ISO/designated security representative.
Data Encryption
Sensitive information, encompassing user data and login credentials, transmitted via the MLES website, is mandated to undergo encryption. This process shall adhere to secure and widely accepted encryption protocols.
People and Culture
Our People and Culture Policy is dedicated to fostering an inclusive, respectful, and supportive work environment. We prioritize diversity, equity, and employee well-being, promoting continuous learning and professional growth. This commitment ensures a positive workplace culture, driving both individual and organizational success.
Internal Audit
Our Internal Audit Policy ensures sturdy governance and operational efficiency through regular, objective audits. We assess compliance, risk management, and internal controls, providing actionable insights for continuous improvement. This rigorous approach guarantees transparency, accountability, and adherence to industry standards and regulations.
Education & Training
Monstarlab ES ensures that all partners and staff recognize the critical importance of information security, including the protection of personal information. We emphasize the necessity of proper information handling and provide ongoing education on information security practices.
Incident Response
We have established an incident response plan to promptly address security incidents related to the website. All personnel must report any suspicious activity or security incidents immediately. In case of any breach incident, please contact our dedicated team at support@monstarlabes.com.
Regular Security Audits
Periodic security audits and assessments of the MLES website shall be conducted to identify vulnerabilities and ensure compliance with security policies.
Review and Updates
This Information Security Policy shall be reviewed periodically to ensure its relevance and effectiveness. We reserve the right to make updates as necessary to address emerging threats and changes in technology.
Contact Information
For questions or concerns regarding this Information Security Policy, please contact the Monstarlab ES Information Security Team at support@monstarlabes.com or +8809613652562.
The official website address of Monstarlab Enterprise Solutions Ltd. is https://monstarlabes.com. By using the Monstarlab ES or Monstarlab Enterprise Solutions websites, all users acknowledge and agree to comply with this Information Security Policy.
FAQs
What is Monstarlab Enterprise Solutions' approach to data security?
Monstarlab Enterprise Solutions prioritizes safeguarding data through our ISO/IEC 27001 certified Information Security Management System (ISMS), emphasizing risk management, continuous improvement, and compliance with legal obligations.
How does Monstarlab ES ensure the confidentiality and integrity of client information?
We implement rigorous security measures including encryption, access control, and regular IT audits to protect the confidentiality and integrity of all client information.
Can I report a security incident or suspicious activity to Monstarlab ES?
Yes, please report any security incidents or suspicious activities immediately to our dedicated support team at support@monstarlabes.com.
What encryption protocols does Monstarlab ES use to protect data?
Monstarlab ES uses secure and widely accepted encryption protocols to ensure the protection of sensitive information transmitted via our website.
How often does Monstarlab ES review and update its Information Security Policy?
Our Information Security Policy is reviewed periodically to ensure its effectiveness and relevance, with updates made as necessary to address new threats and technological changes.
What training and education does Monstarlab ES provide to ensure information security?
Monstarlab Enterprise Solutions conducts regular training and educational programs for all employees and partners to reinforce the importance of information security, emphasizing proper handling of personal and sensitive data in alignment with our ISO/IEC 27001 standards.