Purpose
This information security policy defines the framework within which information security will be managed across The National Information Technology Development Agency (NITDA) and demonstrates management commitment and support for information security throughout the organization. This policy is the primary policy from which all information security related policies emanate.
This policy is applicable to all NITDA personnel, contractors, vendors and other parties, and covers all information entrusted to or owned by NITDA and stored, processed, or transmitted on the organizations information systems and operated by the organization
Information Security Objectives
NITDA has set the following major information security objectives:
1. To protect NITDA’s critical information assets and strategic processes
2. To improve stakeholder’s security awareness culture
3. To strengthen internal control process while maintaining key stakeholder confidence
Information Security Policy
NITDA is committed to the confidentiality, integrity and availability of It’s information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of an information security program in compliance with ISO/IEC 27001:2013 to protect the organization’s information assets against all threats.
All users and custodians of information assets owned by or entrusted to NITDA shall comply with this policy and exercise a duty of care in relation to the storage, processing, and transmission of the organization’s information and information systems.
NITDA shall comply with all applicable legal, regulatory and contractual requirements related to information security in her services and operations.
This information security policy states management’s commitment and establishes the framework for the actualization of NITDA security objectives and is the primary policy from which all NITDA information security related policies emanated.