INFORMATION SECURITY POLICY
1.0 INTRODUCTION
Information is one of Unitrust Insurance Company Limited (herein referred to as Unitrust) most valuable asset. It is therefore important that the organization’s information and its related technologies are jealously guarded, protected, and secured thereby managing organizational risk to ensure sustainability and profitability.
2.0 PURPOSE
The purpose of this policy is to ensure that Unitrust has a secured operating environment for its business operations. Information and information systems are recognized as an asset and are managed accordingly to ensure their integrity, security, and availability.
3.0 SCOPE
This Information Security Policy applies to all Unitrust's staff, consultants, contractors and any third party with access to Unitrust information assets.
4.0 POLICY
Unitrust is committed to the security of her information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of information security processes and controls to protect the organization’s information assets against all threats.
This policy requires:
- The confidentiality, integrity and availability of Unitrust information assets will be assured and maintained.
- Information assets will be protected against unauthorized access.
- Compliance with applicable legislative and regulatory requirements in the usage of information assets
This Information Security Policy states the management commitment and sets out the approach to the protection of Unitrust information assets against all internal, external, deliberate, or accidental threats.
5.0 OBJECTIVES
Based on the requirements and factors set out in this document, the following major objectives are set for information security:
- Objective 1 -Protect 90% of customers’ confidential information, as well as the integrity, and availability of Unitrust’s information assets.
- Objective 2 - Improve information security awareness culture across Unitrust by 90%.
- Objective 3- Provide assurance of information systems resilience- 99.6% availability
- Objective 4- * Ensure 95% percent compliance with Unitrust Insurance Co. Ltd contractual,regulatory, and legal requirements.
The success of the ISMS will be judged on its ability to meet these overall objectives.
INCIDENT REPORTING
If any employee or third-party personnel is aware of an information security incident, then they must report it through the designated email (infosec@unitrustinsurance.com) for incident reporting.
6.0 RESPONSIBILITY
All parties who require access to Unitrust information and associated assets will comply to and ensure that this policy is adhered to.