Terms & Conditions

General Policy for the Information Security Management System at BPR Universal is as follows:

  1. Information is one of the key assets in the business operations of the Company. Therefore, the confidentiality, integrity, and availability of information must be managed to ensure its security is maintained.

  2. The implementation of the Information Security Management System in the Company refers to the ISO/IEC 27001:2022 standard and applicable laws and regulations.

  3. Top management of the Company consistently demonstrates leadership and commitment in implementing the Information Security Management System within the organization.

  4. The information security policy must be communicated to all employees and relevant third parties through available communication channels to ensure it is easily understood and complied with.

  5. The Company continuously strives to enhance awareness, knowledge, and skills related to information security for both internal employees and related external parties.

  6. The Company conducts assessments and manages risks related to information security based on the vulnerabilities and threats that exist in each asset or process.

  7. If there are vulnerabilities and threats that may disrupt information security, all relevant parties are required to report them to the Chief Information Security Officer (CISO) or a member of the ISMS Team.

  8. All leaders at every level are responsible for monitoring and evaluating the effectiveness of this policy's implementation within the work units/departments under their supervision.

  9. All employees are responsible for safeguarding and protecting the security of information assets and complying with the established information security policies and procedures.

  10. Any violation of this policy or related policies will be subject to administrative sanctions, such as revocation of access rights to information systems and/or other disciplinary actions in accordance with applicable regulations.

  11. The organization is committed to continually improving the implementation of the Information Security Management System


    Technical policies and procedures will be developed separately and established by referring to the principles outlined in this policy statement.