It is the policy of SOLIDARITY FIRST INSURANCE to ensure that appropriate controls and countermeasures are in place to safeguard the confidentiality, integrityand availability of

corporate and client data, as well as the information systems, services and assets of SOLIDARITY FIRST INSURANCE. The purpose of the policyis to protect SOLIDARITY FIRST

INSURANCE’s information assets from all threats, whether internal or external, deliberate or accidental.

1.       SOLIDARITY FIRST INSURANCE is committed to protect its information assets, people, intellectual property, computer systems, data and equipment from all threats, whether internal or external, deliberate or accidental in a cost-effective manner. This should be achieved with minimum inconvenience    to authorized users and against threats to the level of service required by SOLIDARITY FIRST INSURANCE to conduct its business.

2.       SOLIDARITY FIRST INSURANCE is committed to protecting information assets from unauthorized access.

3.       SOLIDARITY FIRST INSURANCE is committed to comply with regulatory and legislative requirements.

4.       SOLIDARITY FIRST INSURANCE is committed to provide information security training and awareness for their staff, to enhance their competency and to engage the staff for encouraging the improvement of information security.

5.       SOLIDARITY FIRST INSURANCE shall adopt ISO 27001 Information Security Management System (ISMS) as a tool to implement a formal system for protecting the confidentiality, integrity and availability of information.

6.       Information Security should be aligned with SOLIDARITY FIRST INSURANCE strategic direction and business objectives.

7.       Information security risks shall be managed based on SOLIDARITY FIRST INSURANCE Risk Management Methodology.

8.       SOLIDARITY FIRST INSURANCE is committed to continually improve its ISMS and information security capabilities.

9.       SOLIDARITY FIRST INSURANCE is committed to satisfy the expectations and requirements of interested parties.

10.   SOLIDARITY FIRST INSURANCE will control and restrict access to information assets based on need-to-know and least privilege principles.

11.   SOLIDARITY FIRST INSURANCE is committed to meeting all Information Security requirements from our clients and the provision of the necessary resources to achieve this.

12.   SOLIDARITY FIRST INSURANCE is committed to encouraging Information Security improvements by engaging with our employees and enhancing their competences.

13.   SOLIDARITY FIRST INSURANCE will continually review this policy and its information security performance to ensure it improves over time.

14.   Objectives relating to information security performance will be set annually and monitored/reviewed by the Information Security Management System Committee (ISMSC).

15.   This policy is available to all our customers and relevant interested parties and our employees are made aware of our commitment and the contents of this policy.

16.   SOLIDARITY FIRST INSURANCE is committed to treat and resolve security incidents and discovered vulnerabilities in a manner commensurate with their impact level.

17.   All managers are directly responsible for implementing the ISMS Policy, and for adherence by their staff.

18.   Compliance with this policy and all other supporting policies, standards, and procedures is mandatory for all relevant staff and third parties. Violation of this policy or any other IS policies, standards, or procedures will result in corrective action by management. Disciplinary action will be commensurate with the severity of the violation, as determined by an investigation, and as deemed appropriate by management.

19.   SOLIDARITY FIRST INSURANCE Information Security Management System Steering Committee (ISMS-SC) delegate the authority for ISMS manager to create standards, procedures and guidelines that implement this policy.

20.   Information Security Management System Steering Committee (ISMS-SC) is the owner of this policy. Any changes or updates to the document shall be explicitly approved by the committee.