The security of information and information assets is regarded as fundamental for the successful business operation of CRIF Philippines.
Fully committed towards ensuring the Confidentiality, Integrity, and Availability of information, CRIF Philippines has adopted an Information Security Management System (ISMS) comprising of the information security policies, procedures, and a comprehensive risk management framework to effectively protect data/information of CRIF Philippines and its stakeholders including from security threats, whether internal or external, deliberate, or accidental.
The management of CRIF Philippines, including but not limited to employees, associates, and contract workers, is committed to:
-
Follow the Information Security Management System in all processes and technologies.
-
-
Provide information security awareness to all team members and continual improvement in information security in all our processes through regular review of our Information Security Management System.
-
Protect personal information in all its forms.
-
Adopt a systematic approach to risk assessment and risk treatment.
-
Comply with all regulatory, legal, and contractual requirements.
-
Comply with the provisions and compliance requirements of Republic Act No. 9510 (Credit Information System Act – CISA) wherever applicable and needed.
-
Maintain policies, controls, and practices to ensure continued adherence to RA 9510 (CISA), particularly regarding the protection, confidentiality, integrity, and lawful use of credit data.
-
Provide a comprehensive Business Continuity Plan encompassing the respective processes/departments.
-
Make information available only to authorized individuals on a need‑to‑know basis.