We understand the importance of securing your data and intellectual property—which is why we have built a comprehensive security management framework that enables us to handle your most sensitive information. This proven, thoroughly documented security policy is aligned with ISO/IEC 27001:2013 Information Security Management Standard guidelines. MERA has started the process of bringing its corporate Information Security Management System to compliance with ISO/IEC 27001:2013, with the aim of achieving official certification of compliance with the standard.
Intellectual property protection
All MERA personnel and affiliates having access to proprietary client information (data, documentation, software etc.) are contractually committed to protect that information. Under these agreements, our staff must keep confidential all work-related information, data, software, and documents and surrender all such materials upon termination of service engagement to the employer.
The MERA information security policy determines acceptable use of all data and equipment owned by MERA, our partners, and our customers. The building blocks of the MERA information security policy are:
- Control over access to data, resources and equipment, including MERA premises
- Ongoing interactions with customers regarding security requirements and issues
- Effective business continuity planning, which ensures uninterrupted performance of business critical processes
MERA fully realizes human behavior is often the most important factor in preventing data breaches. Ongoing training ensures that all employees understand information security threats and are capable of effectively applying MERA policies.
Physical Security and Access Control
Work spaces, labs and server rooms are located in dedicated project areas designed to contain information in a secure manner. Restricted access areas are well-protected to safeguard mission critical systems, intellectual property, and confidential data.
Mera aims at ensuring security and safety of the software products and program code we create or take part in. Product security process has been developed, implemented and is now being maintained and evolved corporate-wide.
Product security is management of security and safety of the software products throughout their lifecycle, which includes:
- Definition of security requirements to the product
- Definition of threats and vulnerabilities of the code and the released product at each stage of software development: design, implementation, testing, release
- Mitigation measures planning and performing, security testing
The unified approach implemented at MERA is risk-based:
- Methods are established for the identification, analysis and rating of security risks for the products, throughout their life cycle
- The approach focuses on risks related to the possible exploitation of vulnerabilities through communication and/or user/operator interfaces of the products
- Prevention or mitigation controls are developed for every applicable risk (policies, procedures, practices which can be administrative, technical, management in nature)
These activities result in product security risk management and treatment plans, unique for each project.
Corporate Product Security process development presumes deep systematic work of every department on the analysis of threats and vulnerabilities of software products and program code, study of industry standards and best practices to follow, gaining profound knowledge and competence in this sphere, corporate education.