Introduction

This Security Policy (hereinafter referred to as the “Policy”) is a document to determine the key principles and requirements aimed at:

  • protection of the activity, interests, material values and information resources of M9 Logistics and its customers,
  • prevention of intentional and unintentional actions of natural or artificial nature and unfair competition
  • compliance with the applicable statutory regulations.

M9 Logistics employees, partners, contractors, and other staff are required to comply with this Policy and take a personal responsibility in respect to safeguarding M9 Logistics’ resources.

Who are we?

When this Policy mentions we, us, or M9 Logistics, it refers to M9 Logistics Affiliate, its employees and partners, as well as M9 Logistics Limited, a company registered in England and Wales with a number 08269826 (M9 Logistics). These security measures do not guarantee complete protection. The information contained in this Policy is for current or potential customers and suppliers and should not be distributed to others without our permission.

Who can you contact for privacy questions or concerns?

If you have questions or comments about this statement or how we handle personal data, please direct your correspondence to:

M9 Logistics
Data Protection Officer
Nethergers
Church Lane
Robertsbridge
England
TN32 5PH

You can also email dataprotection@m9logistics.com.

We aim to respond within 30 days from the date we receive privacy-related communications.

Security Organisation

This policy defines:

  • the objectives and tasks of the security system
  • Security system organization, functioning principles and legal grounds
  • types of security threats and resources to be protected
  • the main development principles of the security system, including legal, organizational and engineering and technical protection.

M9 Logistics utilizes the policy based on applicable legislation, governmental acts, and local law. All new hires are required to undertake a series of training sessions, which address partner and staff responsibilities as they relate to our Code of Conduct, our policies and procedures, information security, and privacy.

The main objectives of the security organization shall be as follows:

  • Provision of the stable functioning of M9 Logistics and prevention of its security threats
  • Protection of the legal interests of the organization from unlawful encroachments
  • Protection of our personnel’s life and health
  • Non-admission of larceny of financial and material and technical facilities, destruction of property and values
  • Non-admission of disclosure, loss, leakage, distortion, and destruction of proprietary information
  • Non-admission of violation of operation of technical facilities
  • Provision of the operational activity

Security objects of M9 Logistics:

  • Human resources
  • Financial resources
  • Data information resources
  • Information systems and networks
  • Material resources
  • Technical facilities and security and protection systems of material and information resources.

Human Resources Security

Before employment, each candidate shall voluntarily fill in a questionnaire form and shall be assessed in an interview process. The personal data provided by the candidate shall be checked and securely stored in accordance with our privacy policy. In any questions arise after the questionnaire has been checked, our HR Department may organise an additional interview for the candidate.

Our recruitment process aims to swiftly integrate new employees into our corporate standards and office environment. A unique introduction plan shall be developed for each new employee. During an employee’s probation period, at least 2 meetings will be held with the HR Department to check their training progress and fulfillment of tasks, in addition to identification of issues related to his/her work. The decision on completion of the probation period shall be the mutual decision of a direct supervisor and HR. Before completion of the probation period, the employee must:

  • pass their required training courses
  • accomplish all of their tasks in accordance with the Introduction Plan
  • successfully solve the current tasks related to the functions imposed on him/her
  • absolutely comply with the position held.

Security awareness training is a component of our hiring process. An awareness program reinforces the concepts and responsibilities defined in the Security Policy.

The M9 Logistics Code of Business Conduct and this security policy address appropriate use of the information, tools, and technologies. Those who violate the Code, or our policies and procedures will be subject to the sanctions established by the labor legislation in force, up to and including dismissal, depending on the seriousness of the violation. The measures aimed at assessment of the employees, control of the general satisfaction of the employees, commitment with the operation principles and involvement in the operation processes is exercised at M9 Logistics on the permanent basis.

M9 Logistics have established documented termination processes that define responsibilities for collection of information assets and removal of access rights for professionals who leave the Company. For the dismissal procedure, the employee shall have a Dismissal Checklist approved by the responsible officers. The Dismissal Checklist shall provide control over the absence of any violations of the dismissal procedure of the employees. An HR manager shall conduct a talk with all dismissed employees for the purposes of finding out the reasons of their dismissal.

Financial Security

All financial operations shall be accurate, correct and at the sufficient level of detail recorded by accounting, and shall be also documented and available for checking. Employees bear a personal responsibility for collection, preparation, and provision of the complete financial data according to applicable legislation. Distortion or falsification of the financial data shall be strictly forbidden and shall be deemed as fraud.

M9 Logistics performs an internal and external financial audit and checks the completeness and correctness of data in our accounting records on a regular basis. This is conducted alongside observation of the requirements of applicable legislation and internal regulatory documents, including principles and requirements established by this Policy. Within the framework of internal control procedures at M9 Logistics, checks of implementation of key business processes shall be carried out, including random legality checks of the payments to be affected, their economic feasibility, as well as expediency of expenditures, for the subject of confirmation by initial accounting documents and compliance with the requirements of this Policy.

M9 Logistics evaluates legal and credit risks of clients and contractors. Each counterparty shall provide us with as much information as we may reasonably require to ensure that the Counterparty complies with applicable law and our own policies. Such information may include the Counterparty’s company registration number, details of its jurisdiction of incorporation, certified copies of letters from any relevant credit rating agency and any other information that we may reasonably require in order to carry out independent verification.

Information Security

Information is a valuable and vitally important resource for us. M9 Logistics shall take related measures aimed at data protection against an incidental or intentional change, disclosure or destruction, as well as for the purposes of observation of confidentiality, integrity and availability of the information, provision of the process of automated data processing.

Our primary actions aimed at protection of information are:

  • preservation of confidentiality of crucial information resources
  • provision of continuous access to information resources aimed to support business activity
  • protection of information integrity for the purpose of maintaining M9 Logistics’ capabilities to render high-quality service and make efficient managerial decisions
  • raising awareness of the users with regards to the risks related to information resources
  • determining extent of responsibility and obligations of employees with regards to information security.

M9 Logistics’ IT organization has established and maintains controls over several operating procedures:

  • Security Software Suite, including a virus protection software package, spyware detection and removal of malicious software, desktop firewalls, secure remote access (VPN) software and URL filtering software
  • System Backup. Data center systems are routinely backed up for disaster recovery purposes
  • Wireless Networks. Only IT-managed wireless networks are permitted on our network
  • Network Security. All data center internet access points feature firewall segregation
  • Authorization and Authentication Controls. M9 Logistics has established documented procedures for secure creation and deletion of user accounts, including processes to disable and/or delete accounts of employees temporarily away from the Company. All our partners and staff are required to agree to take reasonable precautions to protect the integrity and confidentiality of security credentials
  • Privileged Access. Access to authentication servers at administrative, root or system levels is limited to those professionally designated by us
  • Password Requirements. Our security policy establishes requirements for password changes, reuse and complexity.

Material Resources Security

Security of material resources and infrastructure are provided as follows:

  • Physical access controls are implemented at all our offices. Controls vary by location, but typically include card-reader access to facilities, on-premises security staff and defined procedures for visitor access control.
  • Organization of access control arrangements at M9 Logistics facilities and access management control systems.
  • Provision of security with use of licensed security contracting organizations.
  • Organization of a video surveillance system.
  • Organization of a compliance check of employees with the requirements of the Code of Business Conduct.

Introduction of Changes and Incident Management

If any inefficient provisions of this Policy or the related business processes of M9 Logistics are discovered, or if the requirements of the applicable law are revised, M9 Logistics shall arrange development and implementation of a plan of action to update this Policy and/or business processes.

M9 Logistics does hereby require that its employees should comply with this Policy informing them of the key principles, requirements, and sanctions for infringements. The employees, regardless of the position taken, shall be held personally liable for compliance with principles and requirements of this Policy, as well as the actions (inactivity) of individuals subordinate to them who infringe on these principles and requirements. Since M9 Logistics may be subject to sanctions for participation of its employees, contractors and other persons in illegal activity, on each reasonably grounded suspicion or based on a discovered fact of infringement on this Policy, internal investigations will be initiated within the frameworks permitted by applicable legislation.

Persons guilty of violation of the requirements of this Policy can be brought to disciplinary, administrative, civil-legal or criminal responsibility on initiative of M9 Logistics, law enforcement bodies or other persons in accordance with the procedure and on the grounds envisaged by local legislation, internal documents of M9 Logistics’ local regulatory acts and labor contracts, as well as, when applicable, and upon available grounds.