# Information Security Management System Scope Document

## Purpose, Scope and Users <a href="#id-2.-purpose-scope-and-users" id="id-2.-purpose-scope-and-users"></a>

The Board is committed to protect and preserve the important information of its business and its customers and to prevent any confidential information disclosure, intentional or unintentional alteration, as well as to protect its Information Assets, has implemented an Information Security Management System (hereinafter - ISMS) in accordance with ISO/IEC 27001:2022(E) and the rules of General Data Protection Act (GDPR) in Europe and California Consumer Privacy Act (CCPA) in USA. The purpose of this Document is to clearly define the boundaries of the Information Security Management System (ISMS) in Corporate Group.

Document is applied to all documentation and activities within the ISMS.

Users of this document are members of the Board, members controlling implementation of the ISMS, and all Employees within Corporate Group.

Interested parties of ISMS include:

* Employees,
* Shareholder of the Corporate Group,
* Clients,
* Suppliers and partners.

## Review of Services in Scope <a href="#id-3.-review-of-services-in-scope" id="id-3.-review-of-services-in-scope"></a>

EClaim is software platform for claims administration. This platform provides an functionality to control the entire claim process, from registration of the claim to settlement with the customer and the insurance company.

EClaims API is a collection of tools, know-how, and infrastructure for building best claims administration platform for any needs.

## Definition of ISMS scope <a href="#id-5.-definition-of-isms-scope" id="id-5.-definition-of-isms-scope"></a>

The Corporate Group ISMS applies to the following areas of the business:

* Planning
* Design
* Development
* Implementation
* Maintenance
* Support
* Marketing
* Sales
* Processes

| Entity Name | Scope                                                                                                                                                                             |
| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| EClaims LT  | <p></p><ul><li>Planning</li><li>Design</li><li>Development</li><li>Implementation</li><li>Maintenance</li><li>Support</li><li>Marketing</li><li>Sales</li><li>Processes</li></ul> |
| EClaims LV  | <p></p><ul><li>Planning</li><li>Design</li><li>Development</li><li>Implementation</li><li>Maintenance</li><li>Support</li><li>Marketing</li><li>Sales</li><li>Processes</li></ul> |
| EClaims EE  | <p></p><ul><li>Planning</li><li>Design</li><li>Development</li><li>Implementation</li><li>Maintenance</li><li>Support</li><li>Marketing</li><li>Sales</li><li>Processes</li></ul> |

ECLAIMS ISMS is planned, implemented, monitored and continuously improved in accordance with standards ISO/IEC 27001:2022

Locations in ISMS scope:

* EClaims, registration number 111545266, registration address Liudviko Zamenhofo str. 3, LT-06332, Vilnius

The scope is based according to internal and external threats and risks, interested parties requirements such as consumers, legislators, regulators, shareholders, community, media, certification bodies, competitors, supervisory and control authorities according to national requirements, owners and neighbours in the building, top management, suppliers, employees, international partners in Lithuania, Latvia, Estonia

## Organisation Structure <a href="#id-6.-organisation-structure" id="id-6.-organisation-structure"></a>

|           | ECLAIMS |         |
| --------- | ------- | ------- |
| Lithuania | Latvia  | Estonia |

## Exclusions From the Scope <a href="#id-7.-exclusions-from-the-scope" id="id-7.-exclusions-from-the-scope"></a>

Business, systems, and processes not related to EClaims software and service delivery.

## Document Management

The owner of this document is `Information Security Manager`, who must check and, if necessary, update the document at least once a year.

## Review And Update

This Document must be maintained in accordance with the [Information Security Policy](https://isms.ops24.eu/information-security-policy).