Skip to Content
Leadership CommitmentRisk-Based Security ApproachEnterprise Data SecurityIdentity and Access Management (IAM)Infrastructure, Application, and Web SecurityCloud and SaaS SecurityData Protection and SecurityThird-Party and Supply Chain Risk ManagementBusiness Continuity and Incident ResponseEmployee Awareness and CultureCompliance and Continuous ImprovementOur Commitment


At Mr.Opticals, we believe that cybersecurity is fundamental to safeguarding our people, systems, data, and reputation. As a responsible and digitally enabled enterprise, we are committed to maintaining the highest standards of information security across our global operations. 

We have implemented a robust Information Security Management System (ISMS) aligned with internationally recognized standards (such as ISO/IEC 27001), covering people, processes, and technology. This policy outlines our key cybersecurity principles and affirms our dedication to protecting the interests of our stakeholders. 

Leadership Commitment

We maintain strong governance and oversight of our cybersecurity posture through executive sponsorship, Board-level visibility, and regular risk and performance reviews. Cybersecurity is integrated into our strategic decision-making.

Risk-Based Security Approach

We follow a proactive, risk-centric approach to identify, assess, and manage cyber threats. Regular risk assessments are conducted to ensure proportionate security measures are in place and adaptive to emerging threats and changes in the business environment. 

Enterprise Data Security

We recognize data as a core asset. Our data security practices include encryption of sensitive data (both at rest and in transit), robust data classification, data loss prevention mechanisms, and stringent access controls. Data lifecycle governance ensures that data is used, retained, and disposed of securely and responsibly.

Identity and Access Management (IAM)

Access to systems and information is governed by principles of Least Privilege, Need-to-Know, and Just-in-Time (JIT) access provisioning. We enforce strong authentication, privileged access management, and continuous access reviews to minimize risk and prevent unauthorized access.

Infrastructure, Application, and Web Security

Our IT infrastructure is secured using layered controls and continuously monitored for vulnerabilities. Applications—whether internal or customer-facing—undergo secure design, secure coding, and rigorous security testing, including penetration testing. Web properties are protected against common threats through technical safeguards and adherence to secure development lifecycle (SDLC) practices. A comprehensive vulnerability management program ensures timely identification, prioritization, and remediation of weaknesses.

Cloud and SaaS Security

We adopt a shared responsibility model with cloud and SaaS providers to ensure security across infrastructure, platform, and application layers. Our cloud security posture includes encryption, access governance, configuration hardening, activity monitoring, and compliance with applicable regional regulations. SaaS applications are assessed for risk and integrated securely within our enterprise ecosystem.

Data Protection and Security

We are committed to protecting all data, including personal data and comply with applicable global data security, protection standards & laws. Our data protection practices ensure secure handling, storage, transmission, and disposal of data through appropriate technical and organizational controls. We protect data across our global operations and continuously strengthen our security measures to address evolving risks. 

Third-Party and Supply Chain Risk Management

We evaluate the security posture of third-party vendors and partners as part of our onboarding and ongoing monitoring processes. Contracts and engagements include clearly defined cybersecurity obligations.

Business Continuity and Incident Response

We maintain well-tested business continuity, disaster recovery, and cybersecurity incident response plans. These ensure that we can swiftly detect, contain, and recover from disruptions and security incidents while minimizing impact and learning from each event.

Employee Awareness and Culture

Cybersecurity is a shared responsibility. We foster a culture of security awareness through mandatory training, simulated exercises, and continuous engagement across all levels of the organization.

Compliance and Continuous Improvement

We comply with applicable cybersecurity, data protection, and IT regulations in the jurisdictions we operate. Our ISMS is subject to internal audits, external assessments, and continuous maturity evaluation to ensure relevance, effectiveness, and resilience.

Our Commitment

We are committed to maintaining the trust of our customers, employees, investors, and partners by ensuring the confidentiality, integrity, and availability of information. Cybersecurity is not just a technical function, it is a core enabler of our business continuity, innovation, and sustainability goals. 

For more information or to report a concern, please contact us at csindia@mropticals.com