Environmental Analysis
Strategic advantages and benefits of information security, quality management system
1. Ensuring information security and quality management in the Company’s internal processes – Mainlink UAB (hereafter – the Company) has experience in the field of MainHive cloud platform and MainNET infrastructure development, operates strictly in accordance with the established information security and quality management requirements, so compliance with customer requirements, information security, process quality requirements and service quality is always ensured.
2. Reliable software – the Company develops and maintains MainHive – cloud platform utilizing smart tech aimed at secure data collection and automatization, MainNET – complete carrier-grade LoRa-based network infrastructure.
3. Ethical business – open and honest treatment of customers, partners, and employees.
Threats to information security and quality management system
1. Cyber security – the changing and rapidly evolving external environment in terms of information security and information technology can have a significant impact on information security assurance / maintenance measures. The Company must constantly monitor, take an interest in, and integrate new / updated information security controls to ensure the security of the products being developed.
2. Partners and suppliers – the offer of IT technologies and products is rapidly changing. The Company must select partners and suppliers promptly, efficiently, and responsibly, considering the risks that external parties may pose/ influence and how they relate to the security of the Company’s information, service level (SLA), quality of business processes.
3. Compliance with legal and contractual requirements – the Company develops and maintains MainHive – cloud platform utilizing smart tech aimed at secure data collection and automatization, MainNET – complete carrier-grade LoRa-based network infrastructure. Possible legal and financial lawsuits regarding local legislation, information security, cyber security incidents. This means that the Company must control compliance with local, contractual, and related legislation, use the 4-eye principle.
4. Requirements set by Group ICOR, related processes raise new requirements for process management and information security.
5. The product created by the Company will not be suitable for the market, the region.
6. There may be a shortage of the necessary equipment or disruption of its supply chain due to external factors (war, pandemic, etc.). The company plans the equipment supply chain or uses the services of local suppliers.
SWOT
|
No. |
Trend or factor |
Impact |
Company behaviour |
|
|
Positive |
Negative |
|||
|
1 |
The need and obligation of customers to ensure information security is growing. |
The probability of expanding the range of services and deepening competence is increasing. |
In the event of an error or lack of expertise, the Company may suffer financial and reputational damage. |
The competence and qualification of the employees are constantly raised, inspections of the applied IS measures and internal audits are performed. |
|
2 |
To ensure information security |
Customer expectations and requirements for information security are maintained and growing. The Company wants to manage IS processes and avoid incidents. |
It becomes difficult to choose the right information security measures correctly. |
By ensuring continuous management of operational information security measures, quality and compliance with the requirements of the ISO/IEC 27001: 2022, ISO/IEC 27001:2022, ISO 27002:2022; ISO 9001:2015, ISO 9001:2015/AMD1:2024 standards, the Company will be able to create added value for its customers and the group of companies, other stakeholders. |
|
3 |
Customers need to have a safe product and quality services |
Customers want to be assured that the product/ services will meet information security and cyber security requirements, contractual obligations. |
Not all companies care about information and cyber security. |
By ensuring continuous management of operational information security measures, quality and compliance with the requirements of the ISO/IEC 27001: 2022, ISO 9001:2015 standards, the Company will be able to create added value for its customers and the group of companies, other stakeholders. |
|
4 |
Compliance with GDPR requirements |
The probability of expanding the range of services and deepening competence is increasing. |
In the event of an error or lack of expertise, the Company may suffer financial and reputational damage. |
The competence and qualification of the employees are constantly raised, inspections of the applied IS measures and internal audits are performed. Data processor. |
|
5 |
Customers want to receive uninterrupted and quality service |
Loyal customer, the contract will be extended. |
In the event of an error or lack of expertise, the Company may suffer financial and reputational damage. |
Correct process and risk management, application of internal control in accordance with the requirements of the ISO 9001: 2015, ISO 9001:2015/AMD1:2024 standard. |
PEST
|
Possibilities |
||||
|
No. |
Opportunity description |
Company strengths |
Company weaknesses |
Company behaviour |
|
1 |
Reliable software that provides in-depth analysis |
The Company develops
and maintains MainHive – cloud platform utilizing smart tech aimed
at secure data collection and automatization, MainNet – complete
carrier-grade LoRa-based network infrastructure. |
Failure to provide quality information would
impact Company’s placement in market. |
Expand the awareness of the Company name. Ensure a high level of product/ service and their protection. |
|
2 |
The equipment and services are tailored to the
customer’s needs |
The Company develops
and maintains MainHive – cloud platform utilizing smart tech aimed
at secure data collection and automatization, MainNET – complete
carrier-grade LoRa-based network infrastructure. |
The customer’s requirements change, the
customer terminates the testing contract. |
Ongoing cooperation with the client. |
|
3 |
Confidentiality, integrity, availability – the Company’s
information security management system is maintained and managed in
accordance with these principles |
Employee competence and implementation and
maintenance of IS measures ensure high compliance of IS principles with the
requirements of the ISO/IEC 27001: 2022, ISO/IEC 27001:2022, ISO 27002:2022
standards. |
Failure to ensure information security and cyber
security can have a significant impact on a Company’s credibility. |
To ensure the competence of employees, to evaluate
and implement IS measures, to ensure the control of the applied measures and
the effectiveness of the application. |
|
4 |
Reliability – by ensuring continuous information
security management and compliance with the requirements of the ISO/IEC
27001: 2022, ISO/IEC 27001:2022, ISO 27002:2022 standards, added value is
created for customers. |
Employee competence and implementation and
maintenance of IS measures ensure high compliance of IS principles with the
requirements of the ISO/IEC 27001: 2022, ISO/IEC 27001:2022, ISO
27002:2022 standards. |
Failure to ensure information security and cyber
security can have a significant impact on a Company’s credibility. |
To ensure the competence of employees, to evaluate
and implement IS measures, to ensure the control of the implementation of
measures and the efficiency of application. |
|
Threats |
||||
|
Nr. |
Threat description |
Company strengths |
Company weaknesses |
Company behaviour |
|
1 |
Sufficient and necessary IS and program security
measures are not provided |
Employee competence, implementation and support of
IS measures ensure high compliance of information security principles with
the requirements of the ISO/IEC 27001: 2022, ISO/IEC 27001:2022, ISO
27002:2022 standards. |
Lack of finance / working capital may prevent
adequate IS and IT facilities. |
The Company must ensure the need for the necessary
resources, plan them, assess the associated risks. |
|
2 |
Cyber security – the changing and rapidly evolving
external environment for information can have a significant impact on the
level of information security and the means to ensure/ maintain it. |
Employee competence, implementation and support of
IS measures ensure high compliance of information security principles with
the requirements of the ISO/IEC 27001: 2022, ISO/IEC 27001:2022, ISO
27002:2022 standards. |
The human factor, lack of time can hinder the
acquisition of all relevant knowledge, changes affecting information
security. There may be a lack of financial capacity to implement the latest
IS and IT technologies. |
The Company must constantly monitor, take an
interest in and integrate new/ updated information security controls. |
|
3 |
Compliance with legal and contractual requirements –
the Company develops and
maintenance MainHive – cloud platform utilizing smart tech aimed
at secure data collection and automatization, MainNET – complete
carrier-grade LoRa-based network infrastructure. Possible legal and financial
lawsuits regarding information security, cyber security incidents. This means
that the Company must control compliance with contractual and related
legislation, use the 4-eye principle. |
Employee competence and its support |
The human factor, lack of time can affect compliance
with contractual and legal requirements. |
The Company must control compliance with contractual
and related legislation, use the 4-eye principle. |
|
4 |
Equipment supply disruptions |
Local and / or permanent partner equipment is used. |
Loss of partners |
The company must manage risk in a timely manner and manage
the measures taken. |
The Scope
The Company is a part of ICOR Group focused solely on full IoT solution implementation for utilities and submetering:
• IoT data processing
• IoT connectivity
• Metering as a service
The Company help utilities to deal with their challenges. In water utility case it would be:
• Non-revenue water – enabling quick elimination of water leaks, thefts, meter inaccuracy, and unmetered consumption
• Operational efficiency – supporting planning and efficient resource distribution with meter data management system
• Sustainability strategy – enabling smarter and conscious resource planning and usage with advanced metering analytics
The Company focuses on assisting utilities in saving and optimizing resources, both public and organizational. The aim is to help utilities to take better control of their resources while making the digital transformation less overwhelming.
The Company is responsible for management, environments, integrations, and processes of:
• MainHive – cloud platform utilizing smart tech aimed at secure data collection and automatization
• MainNET – complete carrier-grade LoRa-based network infrastructure product
IT Support, marketing
and finance service are performed by the Company.
The
organization’s management to protect and preserve the important information of
its business and its customers and to prevent any confidential information
disclosure, intentional or unintentional alteration, as well as to protect its
assets, to ensure the quality management of business processes, has implemented
a Management System (hereinafter – MS) in accordance with ISO/IEC 27001: 2022, ISO/IEC 27001:2022, ISO
27002:2022; ISO 9001:2015, ISO 9001:2015/AMD1:2024 and the rules
of General Data Protection Act (GDPR) in Europe.
The Company’s MS
is applicable to the following areas of the business:
MainHive application
and platform management, environments, and integrations. MainNET integrations,
processes, and device management. Sales management.
The Company’s is
planned, implemented, monitored, and continuously improved in accordance with
standards ISO/IEC
27001: 2022, ISO/IEC 27001:2022, ISO 27002:2022; ISO 9001:2015, ISO
9001:2015/AMD1:2024 requirements.
Management
system is operating at the following address:
Ozo str. 12A-1,
LT-08200, Vilnius, Lithuania
The scope is based according to internal and external threats and risks, interested parties’ requirements such as consumers, legislators, regulators, shareholders, community, media, certification bodies, competitors, supervisory and control authorities according to national requirements, owners and neighbours in the building, top management, suppliers, employees, international partners.
The Scope:
MainHive application and MainHive platform management, environments, and integrations. MainNET integrations, processes, and device management. Sales management.
Exceptions:
1. A.14.1.2 The protection of application services on public networks does not apply because the organization does not provide application services over public networks.
Our approach to interested parties: customers, suppliers, controlling authorities is the identification of all expectations, needs, and we strive to transparently manage our activities and be mutually beneficial to each other. In order to achieve the goals, we cooperate with the interested parties: customers, suppliers; controlling authorities, we report on results for shareholders and company management. We incorporate everything into the value creation service. We strive to employ the best people and bring leadership to each phase of the lifecycle as we support our customers to plan, create, realize, and sustain. We are responsible for nature, environment, we ensure the safety and health of work and activity.