The Department of Social Protection has Data Protection policies, standards, procedures and guidelines in place governing the use of computer systems and customer data to ensure that the Department is fully compliant with GDPR EU requirements. Staff are regularly reminded of their Data Protection obligations. The importance of Data Protection and Cyber Security is promoted through awareness campaigns, presentations and regular notices.
The Department has adopted a defence-in-depth security strategy which is achieved by utilisation of people, processes, and technology to support the implementation of ICT security services. The threat landscape is constantly evolving, and significant effort is expended to continually enhance and strengthen ICT security to mitigate emerging threats, risks, vulnerabilities and cybersecurity issues.
In addition to deploying perimeter security measures, such as intrusion protection systems, software vulnerabilities are managed by maintaining up-to-date versions and aggressively deploying updates and patches to endpoints and applications as they become available.
My Department has developed an Information Security Management System (ISMS) aligned with the industry security standard ISO 27001. This ISMS provides an overall governance framework for information security and sets out security policies, objectives, management oversight, practices and governance and ensures continual improvement of information security management. In addition, the Department is advanced in its programme to become ISO 27001 certified compliant with Annex 9, Access Control, ISO/IEC 27001:2013.