The purpose of this policy is to ensure that Unitrust information and information systems are recognized as a valuable asset and are managed accordingly to ensure their integrity, security and availability.
This Information Security Policy applies to all Unitrust's Shareholders, Board of Directors, and employees, vendors and other parties with access to the organisation’s information assets.
Unitrust top management is committed to the security of her information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of information security processes and controls in compliance with ISO/IEC 27001:2022 to protect the organization’s information assets against all threats.
Based on the requirements and factors set out in this document, the following major objectives are set for information security:
Unitrust top management is committed to the security of her information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of information security processes and controls to protect the organization’s information assets against all threats.
Unitrust Insurance Co. Ltd’s top management is committed to the confidentiality, integrity and availability of her information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of an information security program to protect the organization’s information assets against all threats.
The Organization is committed to managing information risks and the protection of all organizational assets and shall implement measures through an information security program to protect against breaches of confidentiality, failures of integrity or interruptions to the availability of its information assets.
Unitrust Insurance Co. Ltd is committed to the continual improvement of its information security program and shall comply with all applicable legal, regulatory, and contractual requirements related to information security in her services and operations.
All users and custodians of information assets owned by or entrusted to Unitrust Insurance Co. Ltd shall comply with this policy and exercise a duty of care in relation to the storage, processing, and transmission of the organization’s information and information systems.
Non-compliance with this policy could pose significant business risk to Unitrust Insurance Co. Ltd. Therefore, compliance with this policy is mandatory.
If any employee or third-party personnel is aware of an information security incident, then they must report it through the designated email (infosec@unitrustinsurance.com) or through the ServiceDesk portal for incident reporting.
