ISO 27001 and ISO 27017
Freedom Systems introduces the international information security standards ISO 27001 and ISO 27017 to demonstrate professional service capabilities and determination.
Information Security Policy of the Freedom Systems Co., Ltd. By introducing ISO 27001 Information Security Management System and ISO 27017 Cloud Service Information Security Management System, the company demonstrates its determination on information security management and governance for the enterprise information outsourced service. The following is the company's information security policy, which is provided for the reference of the internal and external stakeholders of the company's maintenance and operation ISMS:
This policy is formulated by Freedom Systems Co., Ltd. to ensure the confidentiality, integrity, availability, and legitimacy of information assets (including those required to provide cloud services), avoid internal and external intentional or accidental threats, reduce business damage, enhance the interests of the business and ensure the sustainable operation of the business.
Scope of application
The scope of application of this policy covers the company's information assets (including renting or providing public cloud services), all personnel of the company, including but not limited to full-time, contracted and various types of personnel, and manufacturers and their employees, visitors, etc. who have business dealings with the company, shall abide by this policy.
Information Security Objectives
- Ensure the confidentiality of the company's information assets, and prevent unauthorized access to digital assets.
- Ensure the integrity of the company's information assets, and prevent unauthorized changes or incorrect contents of information assets.
- Ensure the availability of the company's information assets, and maintain the continuous operation of the businesses that rely on information systems.
- Ensure that the company's information operations comply with relevant laws and regulations (including but not limited to the protection of personal data and intellectual property) and contractual requirements.
The aforementioned information security objectives are reviewed at least once a year to make sure that they comply with relevant laws and regulations and the current development of information business, and adjustment and amendment are conducted when necessary.