Purpose
This information security policy defines the framework within which information security will be managed across The National Information Technology Development Agency (NITDA) and demonstrates management commitment and support for information security throughout the organization. This policy is the primary policy from which all information security related policies emanate.
This policy is applicable to all NITDA personnel, contractors, vendors and other parties, and covers all information entrusted to or owned by NITDA and stored, processed, or transmitted on the organizations information systems and operated by the organization
Information Security Objectives
NITDA has set the following major information security objectives:
1. To achieve at least 90% protection coverage of NITDA’s critical information assets and strategic processes.
2. To increase security awareness and adherence to policy among internal stakeholders by achieving 80% pass rate on annual information security awareness training and phishing simulation exercises.
3. To maintain a 90% or higher staff satisfaction rate on information security governance through annual surveys and feedback.
Information Security Policy
NITDA is committed to the confidentiality, integrity and availability of It’s information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of an information security program in compliance with ISO/IEC 27001:2022 to protect the organization’s information assets against all threats.
All users and custodians of information assets owned by or entrusted to NITDA shall comply with this policy and exercise a duty of care in relation to the storage, processing, and transmission of the organization’s information and information systems.
NITDA shall comply with all applicable legal, regulatory and contractual requirements related to information security in her services and operations.
This information security policy states management’s commitment and establishes the framework for the actualization of NITDA security objectives and is the primary policy from which all NITDA information security related policies emanated.