Our Information Security Policy
Our Information Security Policy

Our Information Security Policy

To achieve the company goals and policies of ISMS, UNIFREE Senior Management undertakes to establish and operate stores that meet all the requirements of ISO/IEC 27001, to comply with the published and implemented Information Security Management System, and to allocate the resources and infrastructure investments needed for the efficient operation of this system, to continuously improve the effectiveness of the process and to ensure that this is understood by all employees.

In accordance with the requirements of ISO 27001 Information Security Management System, thanks to our processes based on a risk-based approach that we constantly improve, we undertake and guarantee that the products and services we offer meet the needs and expectations of our customers, and that the data of our employees, customers, suppliers and business partners are well-protected.

The purpose of this Information Security Policy, approved by UNIFREE Chief Executive Officer / CEO is:

  • to protect the information property of the organization against any threats to occur from inside or outside, knowingly or unknowingly,
  • to provide protection against access by unauthorized persons who may attempt to damage the confidentiality and integrity of information,
  • to ensure accessibility to information as required by business processes,
  • to meet legal requirements,
  • to prepare, maintain and test business continuity plans,
  • to ensure the participation of all employees in information security training and ISMS awareness,
  • to carry out risk analysis studies in order to ensure effective management of the Information Security Management System,
  • to carry out risk assessment, risk analysis and risk processing studies to manage information security risks, and to develop necessary measures and to work to prevent possible risks,
  • to report all existing or suspicious vulnerabilities in information security to the Information Security Manager and to ensure that they are investigated by the Information Security Manager,
  • to meet business requirements for information accessibility and information systems,
  • to make the processes within the scope compatible with the Information Security Management System,
  • to periodically review the success of our information security management system in achieving the intended results and to ensure that the necessary improvements are implemented in a timely manner.