Information Security Management System for ISO Certification
 19th Jun 2023

The Commission is in the process of implementing an Information Security Management System (ISMS) geared towards gaining ISO 27001:2022 standard certification that will enhance confidentiality, integrity, and availability of its information assets.

Chief Executive Officer (CEO) Marjan H. Marjan, MBS said the Commission is a custodian of sensitive information that must be protected to ensure the safety and security of citizens and the country. “The implementation of ISMS is a strategic initiative of the Commission and requires the support and participation of all staff members. As part of this initiative, the Commission engaged external providers to support the implementation alongside our own ISMS select team,” said Marjan.

The ISMS implementation scope shall revolve around election technology and any other supporting processes, functions and technologies.

“Our ISMS select team will work with key stakeholders to review and confirm the ISMS scope, including the information assets to be protected, the applicable regulations and standards, and the organizational structure and processes that will be covered by the ISMS,” said the CEO.

The Commission has also taken a step to analyze the risk assessments in order to identify any gaps in its environment, prioritize information security risks, and determine appropriate controls to remedy the gaps and mitigate the identified risks.

Based on the results of the assessments, the Commission will implement appropriate controls to manage the identified gaps and risks. These controls may include technical measures, policies and procedures, and awareness and training programs. There will also be a process for monitoring and reviewing the effectiveness of the ISMS, including regular audits and assessments.

The Commission has developed, reviewed, updated and approved an Information and Communication Technology (ICT) Policy and an Information Security Management System (ISMS) Policy. “The two policies have also been developed and reviewed to conform to the Commission’s strategic plan in line with the emerging technological issues/improvements and industry best practices. This is to ensure that confidentiality, integrity and availability of the Commission’s information assets are maintained at all times,” said the CEO.

Download: IEBC Information Security Policy Statement