Information Security Policy

Version 1.1

Sharjah Finance Department (hereafter referred to as SFD) has been dedicated to providing financial services to the other government entities in Sharjah and is responsible for managing and delivering continuous and seamless service to its stakeholders. Protecting financial information and meeting the requirements of stakeholders and other government entities play a vital part in the success of SFD. To this end, SFD has established an Information Security Function to comply with the standard developed by the International Organization for Standardization (hereafter referred to as ISO/IEC 27001:2013), which governs the processes required to protect assets and information.

SFD adopts the following definitions, which together establish a framework for information security:

  • Confidentiality: Ensuring that information and information systems are accessible only to those authorized to have access.
  • Integrity: Safeguarding the accuracy and completeness of information, information systems and processing methods.
  • Availability: Ensuring authorized users have access to information, information systems and associated assets when required.

SFD management and all employees recognize the importance of establishing and implementing an effective information security management system in compliance with ISO/IEC 27001:2013 as it is fundamental for its business to ensure preservation of confidentiality, integrity, and availability of SFD information assets and services.

SFD management is committed to the establishment, maintenance and continual improvement of all necessary policies, procedures, and processes to meet the requirements of ISO/IEC 27001:2013 standard.

SFD management is committed to providing all necessary support and resources to fulfill information security requirements.

SFD is also committed to complying with all applicable UAE information security legislation and any contractual agreements. These are addressed in the following document:

Legal and Compliance Policy (the document is subject to reviews/changes)

The ISMS objectives set by SFD Management are addressed below:

  • Ensure confidentiality, integrity, and availability of all information assets and systems
  • Meet legislative, regulatory, sector and contractual requirements
  • Establish a secure culture in the organization
  • Establish appropriate access control to protect against unauthorized access
  • Ensure that all breaches of information security and suspected weaknesses are reported and investigated
  • Identify, through appropriate risk assessment, the value of information assets, to understand their vulnerabilities and the threats that may expose them to risk
  • Manage the risks to an acceptable level through the design, implementation and maintenance of a formal management system
  • Ensure continual improvement of ISMS

Yearly projects will be initiated by SFD top management in alignment with the ISMS objectives with clear KPIs. Failure to meet KPIs will trigger corrective action to be taken by project owners to avoid such failures in the future.

Successful implementation of the management system will ensure achieving all these objectives.

The management system, policy, objectives and targets will be reviewed annually (or sooner if necessary) by SFD top management.

This policy statement is communicated to all employees and persons working for or on behalf of the organization and will be made available to the public, stakeholders and any other interested parties on request.