1. Commitment to Information Security
Cryptobarrel UAB (“Cryptobarrel” or the “Company”) is committed to maintaining a high level of information security across its business operations. Protecting information assets, systems, and infrastructure is a fundamental part of the Company’s governance and risk management framework.
Cryptobarrel recognizes the importance of safeguarding information against unauthorized access, loss, misuse, alteration, or disruption and applies appropriate technical and organizational measures to mitigate information security risks.
2. Information Security Management System (ISMS)
Cryptobarrel operates under an Information Security Management System (“ISMS”) aligned with the international standard ISO/IEC 27001:2022, which establishes globally recognized requirements for managing information security risks.
The ISMS provides a structured, systematic, and risk-based framework for identifying, assessing, and addressing information security risks across the Company’s operations. It supports the establishment, implementation, operation, monitoring, review, maintenance, and continual improvement of information security controls.
Cryptobarrel’s ISMS is designed to support:
- the protection of information confidentiality, ensuring that sensitive information is accessible only to authorized individuals;
- the preservation of information integrity, safeguarding the accuracy, completeness, and reliability of data and systems;
- the maintenance of system and operational availability, ensuring that information and services remain accessible when required for business purposes;
- accountability and secure management of information assets throughout their lifecycle.
The ISMS integrates governance, risk management, and operational controls into the Company’s broader management framework and supports compliance with applicable legal, regulatory, and contractual obligations.
Cryptobarrel is committed to maintaining and continuously enhancing its ISMS to ensure that security measures remain appropriate to the Company’s activities, technological environment, and evolving threat landscape.
3. Risk-Based Security Approach
Cryptobarrel applies a structured and risk-based approach to information security management in accordance with the principles of ISO/IEC 27001. The Company recognizes that effective information security requires the identification, evaluation, and management of risks that may affect the confidentiality, integrity, or availability of information and systems.
Security controls and safeguards are implemented in proportion to the nature and level of identified risks and are aligned with the Company’s operational requirements, business objectives, and applicable legal and regulatory expectations. This approach ensures that security measures are appropriate, practical, and responsive to the Company’s risk profile.
Information security risks are regularly assessed and monitored as part of the Company’s governance and risk management processes. Where risks are identified, appropriate mitigation measures are implemented, monitored, and reviewed to ensure their ongoing effectiveness.
Cryptobarrel remains attentive to changes in technology, operational processes, and the broader threat environment and adapts its security controls accordingly to maintain a resilient and secure operating environment.
4. Governance and Responsibilities
Information security governance is integrated into Cryptobarrel’s overall management and risk framework. The Company recognizes that effective information security requires clear oversight, defined accountability, and structured coordination across the organization.
Roles and responsibilities for information security are formally defined to ensure appropriate ownership of security-related processes and controls. Accountability for protecting information assets is embedded within operational and management functions, and oversight mechanisms are in place to support the consistent application of security requirements.
Cryptobarrel ensures that personnel understand their responsibilities in relation to information security and are expected to comply with internal security policies, procedures, and applicable legal requirements. Individuals with access to Company systems and information are required to exercise due care and to contribute to maintaining a secure and controlled operating environment.
Information security governance supports decision-making, risk management, and compliance activities and forms an integral part of the Company’s broader corporate governance structure.
5. Third-Party Risk Management
Cryptobarrel recognizes that third-party service providers, vendors, and external partners may support certain aspects of its operations. The Company is committed to ensuring that relationships with suppliers are managed responsibly and in a manner consistent with its information security and compliance standards.
Cryptobarrel applies a risk-based approach when engaging and managing third parties. The level of assessment and oversight is proportionate to the nature of the services provided, the sensitivity of the information involved, and the potential impact on the Company’s operations and security posture.
Where appropriate, Cryptobarrel evaluates suppliers with respect to relevant security, confidentiality, and data protection considerations. This may include reviewing contractual safeguards, information security practices, regulatory obligations, and the adequacy of technical and organizational measures implemented by the third party.
The Company expects its service providers to comply with applicable legal requirements and to maintain appropriate safeguards to protect information against unauthorized access, disclosure, alteration, or loss. Security and confidentiality obligations are incorporated into contractual arrangements where relevant.
Cryptobarrel monitors third-party relationships as appropriate to ensure continued alignment with its security and governance standards.
6. Continuous Improvement
Cryptobarrel is committed to the continual review and enhancement of its information security practices to ensure their ongoing effectiveness and relevance. The Company recognizes that information security is an evolving discipline that requires regular assessment and adaptation in response to changes in technology, business operations, regulatory expectations, and the broader threat landscape.
As part of its Information Security Management System, Cryptobarrel periodically evaluates its controls, policies, and procedures to verify that they remain appropriate to the Company’s risk profile and operational environment. Where opportunities for improvement are identified, the Company takes reasonable steps to strengthen its controls and governance framework.
This commitment to continuous improvement supports Cryptobarrel’s objective of maintaining a resilient, secure, and well-managed information environment in alignment with applicable legal, regulatory, and industry standards.