Islamabad May 31’2021: Aligning IT security controls holistically with international security standards, Ehsaas has developed an IT policies vault. The vault is a repository of a set of IT infrastructure, IT application, databases, policies, and procedures for systematically managing Ehsaas’ sensitive data and protecting its information assets. The IT centered reform has been introduced to facilitate digital transfer of benefits to beneficiaries in a transparent manner, to ensure data integrity and to hedge against abuse and hacking.
Dr. Sania Nishtar said, “Forty IT policies are being executed stringently along the lines of Ehsaas Governance and Integrity Policy. As Ehsaas continues to strengthen its data and systems, it is important to mention the significance of IT policies vault to setting up the foundation for future social protection programs, for developing the socioeconomic registry, and launching cash transfer programs.” Continuing she said, “These recently introduced IT safeguards are the critical building blocks which are now allowing us to deliver Ehsaas programs with enhanced integrity, transparency and accountability.”
With regard to the data governance, a set of policies have been developed and implemented on data acceptable use, data backup, data classification and monitoring, data handling and data access control. Regarding data management, data availability management policy, change management process, data labelling procedure, data retention policy, software policy and data backup procedures.
Further, to reinforce data security; several important policies including information security policy, network security policy, physical data security policy, password policy, antivirus and malware policy, cryptographic policy have also been executed.
Most importantly, Ehsaas is also executing a combination of ISO27001 policies and procedures for robust data governance. The ISO27001 allows Ehsaas to follow a systematic approach to managing information security risks affecting the confidentiality, integrity and availability of organization and beneficiary information. The system operates in accordance with the highest information security practices and standards.