Information Security Policy
NOMAC is committed to providing each business unit with appropriate Operational Technology Systems (OTS) and Information Technology and Communication (ITC) resources to support the assured Operation and Maintenance of the Desalination and Power Plants. NOMAC Management shall implement an Information Security Management System (ISMS) that meets the requirements of ISO 27001:2013 incorporating the following elements:
- Ensuring that information security objectives are established, and performance is periodically monitored
- Implementing adequate controls to safeguard NOMAC’s plants, Business System and information asset
- Developing and implementing a business resilience and continuity plan
- Implementing security awareness program for all the NOMAC employees
- Ensuring that all software installed in all ITC & OT systems at NOMAC is subject to the licensing provisions of the provider and only authorized software shall be used at all times
- Ensuring that all Information security breaches are reported, investigated, resolved, and closed
- Ensuring that a culture of compliance towards Information Security is advocated and promoted
- Confidentiality of information is assured in accordance with best practices
- Ensuring to fulfil applicable regulatory and legislative requirements
Management will conduct periodic review of the ISMS framework and policy and ensure continual system upgrade and improvement and shall further communicate this policy to all interested parties.
To view the original documents click here.