Data Security Policy | Unifonic

At Unifonic, safeguarding customer data is paramount. Internationally recognized cybersecurity standards and best practices are meticulously followed to demonstrate dedication to robust information security management systems, including ISO 27001, ISO 27017, ISO 27018, CSA STAR Level 1, and SOC 2 Type I and II. These certifications and best practices ensure alignment with ISO standards and reflect a commitment to meeting CST requirements.

 

1. How Unifonic Protects Customer Data

Unifonic employs a comprehensive set of policies, processes, and technologies to mitigate risks to organizational data, aligning with industry best practices.

  • Comprehensive Information Security Management System (ISMS) Coverage: Spanning key areas such as Policies, Assets, Access, Cryptography, Operations, Communication, Physical Security, Business Continuity, HR, Product, Cloud Security, Supplier Relations, Vulnerability Management, and Incident Response.
  • Security Governance: A robust security governance framework aligns policies and procedures with industry best practices, establishing a solid foundation for data protection.
  • Business Resilience: Ensuring service continuity and data safety in the face of unexpected disruptions.
  • DevSecOps: Seamlessly integrating security throughout development, enabling proactive vulnerability identification and resolution.
  • Threat and Risk Assessment: Ongoing risk assessments proactively address security threats and vulnerabilities, reinforcing defense mechanisms against evolving risks.
  • Cyber Defense: Employing cutting-edge cybersecurity technologies and strategies to defend against evolving threats, keeping data safe from cyberattacks.
  • Transparent Policy Management: Information security policies and standards undergo annual review and approval by the management team, ensuring transparency and accountability.
  • Security Validation: Continuous monitoring and at least annual penetration testing provide real-time incident detection and vulnerability identification for added security.
  • Audit and Compliance: Regular, thorough audits confirm adherence to industry standards and regulations, assuring peace of mind.

 

2. Security Certifications and Reports

 

Unifonic is dedicated to compliance with rigorous information security and privacy standards, including:

  • ISO 27001 - Information Security Management System (ISMS): An internationally recognized standard for establishing, implementing, and improving an ISMS, ensuring the confidentiality, integrity, and availability of sensitive information.
  • ISO 27017 - Cloud Security: ISO 27017 extends ISO 27001 to address cloud-specific security controls, guiding secure cloud service implementation and operation.
  • ISO 27018 - Personally Identifiable Information (PII) Protection in Public Clouds: ISO 27018 focuses on PII protection in public cloud environments, emphasizing privacy and security for personal data.
  • CSA STAR Level 2 - Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) Level 2: CSA STAR Level 2 certification highlights our firm commitment to maintaining the security and integrity of our cloud services. This certification not only sets us apart in the market but also enhances our reputation as a secure and trustworthy organization.
  • SOC 2 Type I and II - Service Organization Control Reports: Independent auditors issue SOC 2 reports and evaluate an organization's controls related to security, availability, processing integrity, confidentiality, and customer data privacy. SOC 2 Type I focuses on the design of controls, while SOC 2 Type II evaluates their effectiveness over time.