Information Security

At Binalyze OÜ, we recognize the critical importance of information security. We commit to maintaining the confidentiality, integrity, and availability of all information. This policy outlines our approach to protecting information assets and ensuring compliance with industry standards.

Definitions

• Confidentiality: Ensuring that information is accessible only to those authorized to have access.

• Integrity: Safeguarding the accuracy and completeness of information and processing methods.

• Availability: Ensuring that authorized users have access to information and associated assets when required.

• ISMS (Information Security Management System): A systematic approach to managing sensitive company information so that it remains secure.

• Risk Assessment: The process of identifying, estimating, and prioritizing risks to organizational operations.

• Cloud Services: Services made available to users on demand via the internet from a cloud computing provider's servers.

• Virtual Networks: A network of geographically dispersed and physically separated computers connected by a telecommunications network.

Management Commitment 

Our management is dedicated to establishing, implementing, monitoring, and continually improving our Information Security Management System (ISMS). We align with ISO/IEC 27001, 27017, 27018, 27701 standards, and SOC 2 Type II compliance, providing the necessary resources and support to achieve our information security objectives.

Information Security Objectives

• Conducting activities that ensure the effective, accurate, prompt, and secure management of information.

• Maintaining strict compliance with all legal, regulatory, and contractual requirements to protect information assets.

• Aligning information security measures with the highest industry standards and best practices to ensure robust protection.

• Implementing proactive measures to identify, assess, and mitigate risks associated with information security.

• Ensuring the availability of critical information systems and assets to authorized users when needed.

• Continuously improving the information security management processes to adapt to evolving threats and technologies.

• Establishing a culture of security awareness among all employees through regular training and communications.

• Applying rigorous access control measures to prevent unauthorized access to information.

• Monitoring and responding promptly to any information security incidents to minimize potential impact.

• Conducting regular audits and reviews to ensure the ongoing effectiveness and compliance of the ISMS.

Roles and Responsibilities

Management

• ISMS Oversight: Ensure the ISMS aligns with organizational objectives and complies with relevant standards and regulations.

• Resource Allocation: Provide necessary resources for effective information security management.

• Policy Enforcement: Ensure enforcement of security policies and procedures across the organization.

• Continuous Improvement: Oversee the continual improvement of the ISMS through regular reviews and updates.

Information Security Team

• Technical Controls Implementation: Develop and maintain technical controls to protect information assets.

• System Monitoring: Continuously monitor systems for security incidents and vulnerabilities.

• Incident Management: Respond to and manage security incidents, ensuring proper documentation and resolution.

• System Audits and Updates: Conduct regular audits and updates of systems to ensure security measures remain effective.

Employees

• Policy Adherence: Follow all information security policies and procedures.

• Training Participation: Participate in regular security training and awareness programs.

• Incident Reporting: Report any suspected security incidents or breaches immediately.

Contractors and Partners

• Compliance with Security Requirements: Adhere to Binalyze OÜ’s security requirements as stipulated in contracts and agreements.

• Training and Awareness: Participate in security training and awareness programs as required.

• Security Incident Reporting: Report any security incidents involving Binalyze OÜ’s information assets.

ISMS Manager

• Risk Management: Oversee risk assessment and treatment processes, ensuring risks are properly managed.

• Policy Development: Develop and update security policies and procedures in line with best practices and regulatory requirements.

• Training Coordination: Ensure that all employees receive appropriate security training.

• Audit Coordination: Coordinate internal and external audits to verify compliance with the ISMS.

Data Protection Officer (DPO)

• Regulatory Compliance: Ensure compliance with data protection regulations, including GDPR.

• Privacy Impact Assessments: Conduct and oversee privacy impact assessments for new projects and initiatives.

• Incident Response: Manage the response to data breaches involving personal data.

• Stakeholder Communication: Communicate with regulatory authorities and affected stakeholders in the event of a data breach.

End Users

• Access Control: Use access credentials responsibly and report any issues with access controls.

• Security Best Practices: Follow security best practices, such as using strong passwords and avoiding phishing scams.

• Device Security: Ensure that all devices used to access organizational information are secured and updated regularly.

Risk Management

• Risk Assessments: We conduct regular assessments to identify potential threats and vulnerabilities, using accepted methodologies to evaluate risks.

• Risk Treatment Plans: We develop and implement plans to mitigate identified risks, regularly reviewing and updating these plans to ensure effectiveness.

Information Security Activities

Protection Measures

• We apply encryption, access controls, and other security measures to safeguard information.

Cyber Threat Monitoring

• We continuously monitor for cyber threats and vulnerabilities.

• We implement countermeasures to protect against threats.

Security Culture

• We foster a corporate culture prioritizing information security through regular training, awareness campaigns, and leadership involvement.

Training and Awareness

• Employee Training: We provide ongoing training programs to ensure all employees understand security policies and procedures. Training is mandatory for all new employees and regularly updated for all staff.

• Awareness Programs: We conduct awareness programs to keep information security top of mind for all employees and contractors.

Incident Response

• Reporting Procedures: We establish clear procedures for reporting security incidents. All incidents must be reported immediately to the designated security team.

• Investigation and Resolution: We investigate all reported incidents promptly and take appropriate action to resolve them. We document all incidents and responses for future reference.

Business Continuity

• Continuity Plans: We develop, implement, and test plans to ensure business operations can continue during and after a security incident.

• Data Backup: We ensure regular backups of critical data and test restore procedures to guarantee data can be recovered in case of loss.

Compliance and Audit

• Compliance Checks: We regularly review compliance with legal, regulatory, and contractual obligations.

• Audits: We conduct internal and external audits to ensure adherence to the ISMS and identify areas for improvement.

Continuous Improvement

• Policy Review: We regularly review and update the information security policy and ISMS, ensuring they remain effective and aligned with industry best practices.

• Feedback Mechanism: We provide a mechanism for employees and stakeholders to give feedback on security practices and suggest improvements.

Virtual Networks Security

• Equivalent Measures: We apply the same security measures to virtual networks as to physical ones.

• Risk Assessments: We conduct specific risk assessments for virtual networks and implement appropriate controls.

• Continuity and Backup: We ensure business continuity and data backup procedures cover virtual networks.

• Access Management: We follow ISMS procedures for managing access to virtual networks.

Cloud Services Security

• Extension of Infrastructure: We treat cloud services as extensions of our infrastructure.

• Risk Assessments: We conduct risk assessments and apply appropriate controls to cloud assets.

• Compliance: We ensure cloud services comply with all relevant legislative, regulatory, and contractual obligations.

• Management of Cloud Services: We effectively manage users, processes, and geographical considerations related to cloud services.

Contact Information

Security Contacts: We designate specific points of contact for any security-related issues, ensuring these contacts are accessible and responsive. For any security concerns, please email us at security@binalyze.com.