Information Security

Information Security Statement

At Universal Life Insurance Public Company Ltd, we recognize the importance of safeguarding our information assets by prioritizing information security and data privacy. We have proactively established, implemented, and maintained an Information Security Management System (ISMS) in accordance with industry best practices and legal requirements (GDPR and EIOPA guidelines) covering all business services, functions, and activities. To show our commitment to information security we have proceeded and certified our ISMS against the acclaimed international standard ISO 27001:2013.

Our focus is on safeguarding customer data, continuously improving, and adhering to both existing and new directives and frameworks to maintain the highest standards of information security and data protection.

Our goal, as outlined in our Information Security Policy, is to shield the Company’s assets from both internal and external threats, whether intentional or unintentional. The objectives of our ISMS are to:

  • Safeguard the confidentiality of the information processed and maintained by our Company to protect sensitive information against unauthorized access, disclosure, or alteration. Access to confidential data is granted only to authorized personnel on a need-to-know basis.
  • Ensure the integrity of the information maintained by our Company by implementing appropriate controls to prevent unauthorized modification or deletion of data to preserve accuracy and reliability.
  • Promote the availability of information and information systems to authorized users to ensure the continuity of our business operations.
  • Create an information security culture by providing ongoing training to employees to raise awareness of information security risks and promote good security practices.
  • Assign clearly defined information security responsibilities to people within the Company to ensure the effective management and governance of the ISMS.
  • Implement and maintain technical and physical security controls to minimize the likelihood of information security incidents.
  • Conduct regular information security assessments to identify vulnerabilities and areas of improvement and to evaluate the ISMS performance and effectiveness.
  • Update our information security policies and procedures as necessary to address emerging threats and the evolving technology and business landscape.
  • Ensure the procedures for detecting, responding to, and reporting of information security incidents are effective and the risk treatment plans are appropriate to minimize impact and prevent recurrence.
  • Safeguard the reputation of our company.

This Statement and the Information Security Policy is endorsed by the Company’s management and is communicated to all employees, agents, contractors, and other third parties who are expected to always comply with their guidelines and contribute to the protection of our information assets.

Evan Gavas

CEO