Information Security Management System Policy

​Information Systems Directorate in Ministry of Industry and Commerce recognizes the importance of establishing and implementing an effective information security management system, as it is important to ensure the confidentiality, credibility, and availability of information assets. Therefore, Information Systems Directorate has established an information security system to comply with information security standards, including the ISO 27001:2013 standards that govern the procedures necessary to protect assets and information.

Information Systems Directorate adopts the following definitions that form the framework of information security:

  • Confidentiality: Ensuring that only authorized persons have access to information and information systems.
  • Integrity: Maintaining the accuracy and completeness of information and information systems.
  • Availability: Ensuring that authorized users have access to information, information systems and associated assets when needed.

Objectives of the Information Security Management System

  • Ensuring the confidentiality, Integrity and availability of all information assets and systems protection.
  • Meeting the regulatory and legislative requirements.
  • Managing risks to an acceptable level by evaluating risks and reducing their severity.
  • Establishing a culture of awareness of information security in the ministry.
  • Continuous improvement of information security and efficiency of the information security management system.

Information Systems Directorate is committed to establishing, maintaining, and improving the information security management system in accordance with the requirements of the international standard ISO 27001:2013.