Information Security Policy

Information Security Policy

UNIFREE Executive Management is committed to the establishment and operation of all requirements in ISO / IEC 27001 to fulfil the objectives and policies of the institution in the ISMS process. UNIFREE Executive Management undertakes to comply with the published and implemented Information Security Management System and to allocate the necessary resources and necessary infrastructure investments for the efficient operation of the system, to continuously improve the efficiency of the process and to ensure that it is understood by all employees.

In line with the requirements of the ISO 27001 Information Security Management System, we are committed to ensuring that the products and services we offer are met with the needs and expectations of our customers, and that our employees, customers, suppliers and business partners information are properly protected by our risk-based thinking approach.

The purpose of this Information Security Policy, which has been approved by the UNIFREE Chief Executive Officer / CEO;

  • Protect the information assets of the organization against any kind of threats that may occur, inside or outside, on purpose or unintentionally,
  • Ensure confidentiality and integrity of the corporate information against the unauthorized access,
  • Provide availability of information with business processes as required,
  • Meet the legal legislation requirements,
  • Prepare, maintain, and test business continuity plans,
  • Conduct regular security awareness training activities to all staff,
  • Conduct risk analysis in order to ensure the effective management of the Information Security Management System,
  • Develop an efficient and effective information security risk management approach to eliminate or reduce risks that may be affecting assets and allocate necessary resources to track and mitigate information security risks to an acceptable level.
  • Report all the actual or suspicious gaps in information security to the Information Security Manager and to ensure that they are investigated by the Information Security Manager,
  • Meet business requirements for information availability and information systems,
  • Make the processes within the scope compatible with the Information Security Management System,
  • Continually improve the Information Security Management System by setting security control objectives and performing regular audits and reviews.