Information Security Policy
With this policy, the Directorate of Fisheries wants to underline the importance of information security for the organization's activities. This policy obliges the management and staff of the Directorate of Fisheries to follow internal and external requirements for information security and to promote continuous improvement of the management system itself and the state of information security. The purpose of the control system is to reduce the risk to all information systems and data from threats to confidentiality, correctness and availability.
Scope
The Directorate of Fisheries' policy on information security covers the organization's activities as a whole and all of the Directorate of Fisheries' operations, inside and outside them. It obliges all staff, contractors and service providers (current and former) to enforce the requirements made, including on protection against unauthorized access, improper use, modification of data, disclosure, destruction, loss or unauthorized transfer of information.
Fiskistofa operates an information security management system according to the international standard ISO/IEC 27001.
The focuses of the information security management system at the Directorate of Fisheries are:
that the collection, storage and sharing of information is done in a transparent and reliable manner.
that the collection and sharing of information is in accordance with laws and regulations.
that special attention is paid to the security of the information of the parties that the Directorate of Fisheries has statutory control over.
that the risk to the Directorate of Fisheries, individuals and stakeholders due to information processing is minimized in an organized and systematic way.
To ensure the above priorities:
Always comply with the laws, rules and obligations that apply to the organization regarding the preservation, treatment, protection and registration of information.
The Directorate of Fisheries makes sure that the information it works with is correct and accessible to those who have access rights when needed.
Ensure that information is protected against damage, modification, deletion or disclosure to unauthorized persons.
Ensure, as far as possible at any given time, the ongoing and continuous operation of the information systems of the Directorate of Fisheries.
Make sure that the employees and service providers of the Directorate of Fisheries are informed of their obligation to maintain confidentiality and security of information.
Physical security, such as access to the offices of the Directorate of Fisheries, is acceptable.
Contribute to continuous improvement work at the Directorate of Fisheries and the use of the best possible technology at all times for handling of information.
Conduct regular internal audits and risk assessments to assess controls and performance.
Make plans for continuous operation, maintain them and test them as much as possible.
Report all security incidents, breaches or suspected weaknesses in information security as soon as they occur and investigate them. Ensure that appropriate corrective action is taken in each case.
Provide employees and service providers with the necessary guidance and support so that this policy can be implemented.
This policy shall be reviewed as necessary, but at least every two years.
Akureyri, February 15, 2024
Elín Björg Ragnarsdóttir, Deputy Director-General