Information Security Policy
INFORMATION SECURITY POLICY
PURPOSE
The purpose of this policy is to ensure that Unitrust information and information systems are recognized as a valuable asset and are managed accordingly to ensure their integrity, security and availability.
SCOPE
This Information Security Policy applies to all Unitrust's Shareholders, Board of Directors, and employees, vendors and other parties with access to the organisation’s information assets.
POLICY
Unitrust top management is committed to the security of her information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of information security processes and controls in compliance with ISO/IEC 27001:2022 to protect the organization’s information assets against all threats.
OBJECTIVES
Based on the requirements and factors set out in this document, the following major objectives are set for information security:
- Objective 1 - Protect customers’ confidential information, as well as the integrity, and availability of information assets.
- Objective 2 - Improve information security awareness culture among stakeholders.
- Objective 3- Provide assurance of information systems resilience.
- Objective 4- Ensure compliance with contractual, regulatory, and legal requirements in providing services and operations.
RESPONSIBILITY
All employees and third parties who require access to Unitrust information and associated assets are responsible for ensuring that this policy is adhered to. Management at all levels are responsible for ensuring that employees and third parties are aware of, and adhere to, this policy. If any employee or third-party personnel is aware of an information security incident, then they must report it through the designated email (infosec@unitrustinsurance.com) for incident reporting