Information is one of Unitrust Insurance Company Limited (herein referred to as Unitrust) most valuable asset. It is therefore important that the organization's information and its related technologies are jealously guarded, protected and secured thereby managing organizational risk to ensure sustainability and profitability.
The purpose of this policy is to ensure that Unitrust information and information systems are recognized as a valuable asset and are managed accordingly to ensure their integrity, security and availability.
This Information Security Policy applies to all Unitrust's Shareholders, Board of Directors, and employees with access to Unitrust information assets.
Unitrust top management is committed to the security of her information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of information security processes and controls to protect the organization's information assets against all threats.
This policy requires:
This Information Security Policy states the management commitment and sets out the approach to the protection of Unitrust information assets against all internal, external, deliberate, or accidental threats.
Based on the requirements and factors set out in this document, the following major objectives are set for information security:
The success of the ISMS will be judged on its ability to meet these overall objectives.
All employees and third parties who require access to Unitrust information and associated assets are responsible for ensuring that this policy is adhered to. Management at all levels are responsible for ensuring that employees and third parties are aware of, and adhere to, this policy.
If any employee or third-party personnel is aware of an information security incident, then they must report it through the designated email (infosec@unitrustinsurance.com) for incident reporting.
Supporting policies have been developed to strengthen and reinforce this policy statement. These, along with associated codes of practice, procedures and guidelines are published together and are available for viewing on Unitrust intranet.
All employees and any third parties authorized to access Unitrust network or computing facilities are required to familiarize themselves with these supporting documents and to adhere to them.
A regular cycle will be used for the setting of objectives for information security, to coincide with the budget planning cycle. This will ensure that adequate funding is obtained for the improvement activities identified. These objectives will be based upon a clear understanding of the business requirements, informed by the management review process during which the views of relevant interested parties may be obtained.