Privacy And Information Security Management System Policy

Privacy and Information Security Management System is a serious and intended effort, and we are committed to identifying, evaluating, and assessing the risk for all critical information assets with consideration of statutory and regulatory requirements, and prepare and follow the risk treatment plan to meet the privacy and information security management system requirements.

The Senior Management Team and all the employees are committed to adhering to and usher towards continual improvement of the Information Security & Privacy Management System in accordance with its strategic business objectives.

We shall continuously provide training and awareness, improve the Information Security & Privacy Management System to reduce business risks, and our entire management team is committed to providing all resources to protect customer information and safeguard information assets. We strive to keep our team members updated with the latest professional knowledge.

The Objective of Information Security & Privacy Management:

Information is only accessible to authorised persons – internal or external.
Confidentiality, Integrity and Availability of Information for meeting all business requirements shall be ensured.
Business continuity plans are established, planned and tested.
Information security awareness shall be enhanced among all staff and relevant external parties.
All breaches of information security, privacy breaches, actual or suspected, shall be reported to the CISO & Privacy Officer and investigated by the Information Security Steering Committee.
The applicable regulatory and legislative requirements are fulfilled.
Information Security & Privacy Risk Assessment shall be performed periodically, and information security controls to mitigate the identified risks shall be implemented.
All critical infrastructure and applications are subjected to Vulnerability Assessment and Penetration Testing periodically.
Protection of PII and managing privacy controls as per applicable regulation.

The management at the befree group ensures that this policy is communicated, understood, implemented and maintained at all levels of the organisation.