By means of recently issued Resolution No. 211/2023 (“Resolution“), the Agency for Access to Public Information (AAIP) approved its information security policy (“Policy“).
Following Administrative Decision No. 641/2021 on “Minimum information security requirements for the national public sector,” the AAIP approved its information security policy. The same applies to the institutional scope of the AAIP, its agents (both internal and external), and all the processes it carries out.
The purposes of the Policy are to protect the information resources of the AAIP and the technological tools used for their processing; ensure the confidentiality, integrity, availability, legality and reliability of information; and strengthen the adequate implementation of security measures, identifying available resources.
The Policy will be reviewed annually by the AAIP’s IT and Innovation Directorate.
The Policy’s most relevant aspects include the following:
- Classification of “Information Assets,” meaning elements that contain or process information relevant to the AAIP
- Management of access to systems, databases and information services
- Security incident management, with a focus on the adequate application of corrective measures in a timely manner
Although it is not applicable to the private sector, the Policy is important as it summarizes the criteria and standards set by the AAIP.
Click here to read the Spanish version.