Service Management System (SMS) Policy

“NBU-DIT is committed to continuously delivering and improving all IT services and solutions to its internal and external customers in accordance with ISO 20000 IT Service Management System standard and applicable legal and regulatory requirements.”

 

The policy embraces the following key principles:

  • Ensuring that the service management policy and service management objectives are established and are compatible with the strategic direction of the organization.
  • Ensuring that the service management plan is created, implemented, and maintained to support the service management policy, and the achievement of the service management objectives and service requirements.
  • Ensuring that appropriate levels of authority are assigned for making decisions related to the SMS and the services.
  • Ensuring that what constitutes value for the organization and its customers is determined.
  • Ensuring there is control of other parties involved in the service lifecycle.
  • Ensuring the integration of the SMS requirements into the organization’s business processes.
  • Ensuring that the necessary resources for the SMS and the services are available for service management implementation.
  • Ensuring staff training and awareness of service management.
  • Communicating the importance of effective service management, achieving the service management objectives, delivering value, and conforming to the SMS requirements.
  • Ensuring that the SMS achieves its intended outcome(s).
  • Directing and supporting persons to contribute to the effectiveness of the SMS and the services.
  • Promoting the continual improvement of the SMS and the services.
  • Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
  • Operating with and maintaining good relations with all regulatory bodies and complying with applicable regulatory requirements.
  • Monitoring, measuring, and reviewing the performance of the SMS and the services.

  

Information Security Policy 

NBU-DIT is committed to understanding and effectively managing risks related to Information Security to provide greater certainty and confidence for our stakeholders, employees, customers, suppliers, and for the communities in which we operate. Finding the right balance between information security risk and business benefit enhances our business performance and minimizes potential future exposures.
 

It is the policy of NBU-DIT to ensure:

  • Information will not be disclosed to unauthorized persons through deliberate or careless action.
  • Confidentiality of information will be maintained.
  • The integrity of information through protection from unauthorized modification.
  • Availability of information to authorized users when needed.
  • All suspected breaches of information security will be reported and investigated.
  • Regulatory and legislative requirements are met.
  • Responsibilities and accountability for information security are established.
  • The current security threats within the environment are assessed.

The objectives of the policy are to:

  • Assure and communicate the management direction and support for information security in accordance with NBU's business requirements and relevant laws and regulations.
  • Reduce the opportunity for mistakes and misunderstandings to occur when dealing with IT assets and information of NBU-DIT.
  • Educate staff to allow them to independently make an informed decision concerning the secure handling of IT assets and information which NBU-DIT owns within the framework of the information security policies.
  • Assist in the identification and investigation of fraudulent IS-related activities and cooperate with relevant legal agencies.
  • Defend IT assets and information that NBU-DIT governs, owns, manages, maintains, or controls which are both tangible and intangible, and safeguard IT-related records and documents that exist in all forms – paper and electronic.
  • Comply with the needs of the Regulatory Authorities (internal or external) and relevant legislation.

NBU-DIT applies the following policies:

 

No. | Policy | Key Principles

1 | Organization of Information Security

  • Establish NBU-DIT’s management framework to initiate and control the implementation and operation of information security within NBU.
  • Ensure the security of teleworking and the use of mobile devices.

2 | Asset Management

  • Identify NBU-DIT’s organizational assets and define appropriate protection responsibilities.
  • Ensure that information receives an appropriate level of protection in accordance with its importance to NBU.
  • Prevent unauthorized disclosure, modification, removal, or destruction of information stored on media.

3 | Human Resources Security

  • Ensure that NBU-DIT’s employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
  • Ensure that NBU-DIT’s employees and contractors are aware of and fulfill their information security responsibilities.
  • Protect NBU-DIT’s other interests as part of changing or terminating employment.

4 | Physical and Environmental Security

  • Prevent unauthorized physical access, damage, and interference to NBU-DIT’s information and information processing facilities.
  • Prevent loss, damage, theft, or compromise of assets and interruption to NBU-DIT’s operations.

5 | Communications and Operations Management

  • Ensure correct and secure operations of information processing facilities.
  • Ensure that information and information processing facilities are protected against malware.
  • Protect against loss of data.
  • Record events and generate evidence.
  • Ensure the integrity of operational systems.
  • Prevent exploitation of technical vulnerabilities.
  • Minimize the impact of audit activities on operational systems.
  • Ensure the protection of information in networks and their supporting information processing facilities.
  • Maintain the security of information transferred within NBU-DIT and with any external entity.

6 | Access Control

  • Limit access to information and information processing facilities.
  • Ensure authorized user access and prevent unauthorized access to systems and services.
  • Make users accountable for safeguarding their authentication information.
  • Prevent unauthorized access to systems and applications.

7 | Information Systems Acquisition, Development, and Maintenance

  • Ensure that information security is an integral part of information systems across the entire lifecycle.
  • Ensure that information security is designed and implemented within the development lifecycle of information systems.
  • Ensure the protection of data used for testing.

8 | Information Security Incident Management

  • Ensure a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses.

9 | Business Continuity Management

  • Ensure that information security continuity is embedded in NBU-DIT’s business continuity management systems.
  • Ensure the availability of information processing facilities.

10 | Compliance

  • Avoid breaches of legal, statutory, regulatory, or contractual obligations related to information security and any security requirements.

 
