Privacy And Information Security Management System Policy

Privacy and Information Security Management System is a serious and intended effort and we are committed to identify, evaluate, and assess the risk for all critical information assets with consideration of statutory and regulatory requirements, and prepare and follow the risk treatment plan to meet the privacy and information security management system requirements.

The Senior Management Team and all the employees are committed to adhere to, and usher toward continual improvement of Information Security & Privacy Management System in accordance with its strategic business objectives.

We shall continuously provide training and awareness, improve the Information Security & Privacy Management System to reduce business risks and our entire management team is committed to provide all resources to protect customer information and safeguard information assets. We strive to keep our team members updated with the latest professional knowledge.

The Objective of Information Security & Privacy Management:

• Information is only accessible to authorized persons – internal or external.
• Confidentiality, Integrity and Availability of Information for meeting all Business requirements shall be ensured.
• Business Continuity plans are established, planned and tested.
• Information security awareness shall be enhanced among all the staff and relevant external parties.
• All breaches of information security, privacy breaches, actual or suspected, shall be reported to CISO & Privacy Officer and investigated by the Information Security Steering Committee.
• The applicable regulatory and legislative requirements are fulfilled.
• Information Security & Privacy Risk Assessment shall be performed periodically and implement information security controls to mitigate the identified risks.
• All critical infrastructure and applications are subjected to Vulnerability Assessment and Penetration Testing periodically. 
• Protection of PII and managing privacy controls as per applicable regulation.

The management at Befree group ensures that this policy is communicated, understood, implemented and maintained at all levels of the organization.