Security and Intellectual Property Protection

Security makes a fundamental part of MERA's business. Resulting from its strong and invariable customer focus, MERA takes a systematic and comprehensive approach to security, which has led to creation of a solid security management framework. Not only does MERA protect its own business critical systems and confidential information, the company also spares no effort in safeguarding its customers' information security, intellectual property, and business reputation.

In its endeavor to meet customer security requirements, MERA Networks has committed itself to upholding the highest information security levels. MERA follows its own thoroughly documented security policy, with information security enforcement procedures and practices modeled on the ISO 17799 (BS 7799) Information Security Management Standard guidelines. The MERA Information Security System undergoes regular internal reviews and external customer security audits with regard to BS 7799 Standard requirements.

MERA's top security concerns are shaped in line with our customers' business objectives and include:

• Information Security (IS);
• Protection of intellectual property of both MERA and its business partners (IP Protection);
• Personnel security awareness training;
• Physical security and access control;
• Critical business processes continuity.

Information Security

MERA Information Security Policy imposes stringent requirements on acceptable use of all data and equipment owned by MERA and our business partners. The building blocks of the MERA Information Security System are:

• Effective control over access to data, resources and equipment;
• Personnel training procedures ensuring high information security awareness;
• Effective control over physical access to MERA premises;
• On-going interaction with customer in regards to information security requirements and issues;
• Effective business continuity planning, which ensures uninterrupted performance of business critical processes.

IP Protection

All MERA personnel and affiliates having access to business critical information (data, documentation, software etc.) commit themselves to appropriate use of such confidential information that belongs or pertains to another party and is entrusted to MERA under business partnership contracts.

IP protection guidelines are incorporated in corresponding job descriptions, appropriate information security enforcement procedures and NDAs to be signed by every employee upon employment with MERA. Under these instructions, the MERA staff must keep confidential all work-related information, data, software, and documents and surrender all such materials upon termination of service engagement to the employer.

Personnel Security Awareness Training

We at MERA fully realize that human factor is the key to providing an adequate and appropriate level of security. Thus, MERA's Information Security Team engages in an on-going personnel security training program to ensure that all employees are aware of information security threats and concerns and are capable of effectively applying the MERA IS Policy.

The MERA staff involved in using and managing information and technology resources owned by the company and its partners undergo training to ensure they:

• Understand the company's security policy, procedures, and practices;
• Are aware of the information security within the company;
• Understand their roles and responsibilities related to information security;
• Have adequate knowledge of management, operational, and technical controls for IP Protection enforcement within their respective areas of responsibility.

Physical Security and Access Control

The MERA security team provides uninterrupted control over physical security at the company's R&D facilities:

• Work spaces, labs and server rooms are located in dedicated project areas designed to support smooth software R&D activities in a controlled and secure environment;
• Restricted access areas are well protected to safeguard mission critical systems and intellectual property of both MERA and its business partners from unauthorized access.

Business Continuity Management

MERA runs a well-established business continuity management process to identify and reduce security risks, prevent business disruptions and security failures, and ensure fast recovery from disasters. For this purpose, MERA has developed and actively pursues a Business Continuity Plan (BCP), with an on-going framework of BCP reviews, real time emergency and disaster recovery tests conducted both internally and jointly with customers.

The MERA Business Continuity Plan provides for:

• Availability of mechanisms and preventative measures to ensure business continuity;
• Defining business critical processes/applications/hardware;
• Business Impact Analysis for risk analysis and recovery planning;
• Disaster recovery planning and a process for computer system/business processes/facilities recovery.