The Commissioner for Information of Public Importance and Personal Data Protection received an information security management system certificate ISO 27001: 2013.
The high standard for establishing and managing information security was established by the International Organization for Standardization. This certificate is issued only after an audit performed by authorized auditors on the adopted and implemented information security system in an organization. It involves, as necessary, to adopt and implement a number of procedures, to take specific and technical protection measures and to educate and inform all employees about changes in work for the purpose of data protection.
Data security is very important for the Commissioner in terms of both functions it performs, namely the protection of personal data and data confidentiality. This certificate is a confirmation of the quality protection of all data that the Commissioner deals with.
Data security is, or should be, of importance to all state authorities, but our everyday practice does not confirm this. Unfortunately, we are daily faced with both illegal possession of personal data of citizens and leakage of confidential information from various state bodies. The Commissioner hopes to encourage, by own example, other state authorities to introduce this standard and pass the audit, in particular the authorities whose competence, as well as the scope of work, involves the handling of personal data and confidential data.