Information Statement

We are fully aware of the importance of maintaining the availability, confidentiality and integrity of information related to the company, our employees, clients and other partners and stakeholders while considering Accountability and Non-repudiation through our Information Security policy. Therefore, we have established and set up an information management system to protect all necessary assets. This policy encompasses all systems, automated and manual, for which the entity has administrative responsibility, including systems managed or hosted by third parties on behalf of the entity. It addresses all information, regardless of the form or format, which is created or used in support of business activities.

Our Approach

In adherence to international standards, we proudly hold ISO/IEC 27001 certification, ensuring an effective Information Security Management System (ISMS). Our information security approach prioritizes safeguarding data confidentiality, integrity, and availability. We continually identify, assess, and manage risks, conduct regular IT audits, and uphold IT governance through relevant standards. Proactive measures prevent security incidents, protect reputations, and ensure compliance with legal obligations, regulations, and data privacy requirements. Our commitment aims to establish us as a trustworthy and dependable partner for our clients. Establishing ourselves as a robust and dependable partner for our clients.

Security Measures

To ensure the security and confidentiality of any information that we handle as a company or on behalf of clients, partners and stakeholders, we have adopted the following principles:

• Risk Management: Operate a risk management process that works effectively in identifying potential and existing risks and also helps us to manage, isolate, reduce and eliminate such information security risks.
• Continuous Improvement: Implementing policies and procedures to support, manage, regulate and ensure the effectiveness of the Information Security Management System and the continuous improvement of the system.
• Ensuring compliance: Complying with all applicable legal and regulatory IT security requirements and obligations.
• Effective Communication: Ensuring proper and adequate communication regarding information security requirements and relevant policies with all relevant parties, including training and learning programs for internal staff. 

To fulfill our goals in the information security area, we have implemented policies to cover all important parts of information security. Adopted Information Security Management System and implemented adequate tools, we ensure that all employees, contractors and partners are aware of their individual responsibility to maintain and ensure high standards of information security. 

System Security

Systems encompass servers, platforms, networks, communications, databases, and software applications. Our responsibility for maintenance/administration is assigned centrally. We-

Implement controls based on data classification for each system.
Synchronize system clocks to UTC using centralized reference time sources.
Establish environments/test plans for system validation pre-production.
Enforce separation of environments (development, test, QA, production).
Develop and enforce formal change control procedures for all systems.

Databases and Software

In order to ensure the security of our database and Software system, we have Implemented secure coding, protected classified test data, used production data with documented approval, avoided storing source code, removed non-essential scripts, restricted privileged access, and document migration processes for software transfer.

Network Systems

For robust network security, we authorize and document system connections, annually reviewing their validity. Our network architecture incorporates tiered segmentation, and management is exclusively performed from a secure network. Authentication is enforced for users and devices accessing internal systems, while network traffic capture is limited to authorized entities. Additionally, we conduct risk assessments before implementing significant network changes.

Account Management & Access Control

We follow the standard procedure for internal account management and access control, which covers:

• Access Control: Access to systems requires individually assigned unique identifiers (user-IDs).
• Authentication Tokens: User-IDs are associated with authentication tokens (e.g., password, key fob, biometric) for identity verification.
• Session Locking: Implement automated techniques to lock sessions and require authentication after inactivity.
• Session Termination: Implement automated techniques to terminate sessions based on predefined conditions.
• Access Privileges: Information owners determine access to protected resources and privileges based on responsibilities.
• Least Privilege Principle: Access privileges are granted according to the user’s job responsibilities and are limited to tasks necessary for entity missions and business functions.
• Logon Banners: Implement logon banners on systems to inform users about approved use, monitoring, and no expectation of privacy.
• Managed Points-of-Entry: All remote connections must go through managed points-of-entry and be reviewed by the ISO/designated security representative.

Data Encryption

Sensitive information, encompassing user data and login credentials, transmitted via the OLES website, is mandated to undergo encryption. This process shall adhere to secure and widely accepted encryption protocols.

People and Culture

Our People and Culture Policy is dedicated to fostering an inclusive, respectful, and supportive work environment. We prioritize diversity, equity, and employee well-being, promoting continuous learning and professional growth. This commitment ensures a positive workplace culture, driving both individual and organizational success.

Internal Audit

Our Internal Audit Policy ensures sturdy governance and operational efficiency through regular, objective audits. We assess compliance, risk management, and internal controls, providing actionable insights for continuous improvement. This rigorous approach guarantees transparency, accountability, and adherence to industry standards and regulations.

Education & Training

Omnilab ES ensures that all partners and staff recognize the critical importance of information security, including the protection of personal information. We emphasize the necessity of proper information handling and provide ongoing education on information security practices. 

Incident Response

We have established an incident response plan to promptly address security incidents related to the website. All personnel must report any suspicious activity or security incidents immediately. In case of any incident of breach, please contact our dedicated team at: marketing@omnilabes.com.

Regular Security Audits

Periodic security audits and assessments of the OLES website shall be conducted to identify vulnerabilities and ensure compliance with security policies. 

Review and Updates

This Information Security Policy shall be reviewed periodically to ensure its relevance and effectiveness. We reserve the right to make updates as necessary to address emerging threats and changes in technology.

Contact Information

For questions or concerns regarding this Information Security Policy, please contact the Omnilab ES Information Security Team at marketing@omnilabes.com or, +88-01720875032

The official website address of OmniLab Enterprise Solutions Ltd. is https://omnilabes.com. By using the Omnilab ES or OmniLab Enterprise Solutions websites, all users acknowledge and agree to comply with this Information Security Policy.