ISMS Policy
Version 1.0
ISMS Policy Statement
Sharjah Finance Department (hereby referred as SFD) has been dedicatedly providing financial services to the other government entities in Sharjah and they are responsible to manage and deliver continuous and seamless service to their stakeholders. Protection of financial information and meeting the requirements of the stakeholders and other government entities plays a vital part to the success of SFD. To this end, SFD has established an Information Security Function to comply with the standard developed by The International Organization for Standardization (hereby referred to as ISO27001:2013) that govern the processes required to protect the assets and information.
SFD management and all employees recognize the importance of establishing and implementing an effective information security management system in compliance with ISO/IEC 27001:2013 as it is fundamental for its business to ensure preservation of confidentiality, integrity, and availability of SFD information assets and services.
SFD management is committed to the establishment, maintenance and continual improvement of all necessary policies, procedures, and processes to meet the requirements of ISO 27001:2013 standard.
SFD management is also committed to provide all necessary support and resources to fulfill needed information security requirements.
SFD is also committed to comply with all applicable information security UAE legislations and any contractual agreements.
The ISMS objectives
- Ensure confidentiality, integrity, and availability of all information assets and systems protection
- Meeting UAE regulatory and legislative requirements
- Establish a secure culture in the organization
- Establish appropriate access control to protect against unauthorized access
- Ensure that all breaches of information security and suspected weaknesses are reported and investigated
- Identify through appropriate risk assessment, the value of information assets, to understand their vulnerabilities and the threats that may expose them to risk
- Manage the risks to an acceptable level though the design, implementation and maintenance of a formal management system.
Yearly projects will be initiated by SFD top management in alignment with the ISMS objectives with clear KPIs. Failure to meet KPIs will trigger corrective action to be taken by project owners to avoid such failures in the future.
Successful implementation of the management system will ensure achieving all these objectives.
The management system, policy, objectives and targets will be reviewed annually (or sooner if necessary) by SFD top management.
This policy statement is communicated to all employees and persons working for or on behalf of the organization and will be made available to the public, stakeholders and any other interested parties on request.