Information Security Policy Statement

The management of the Public Procurement and Disposal of Public Assets Authority (PPDA) has established and documented an information security policy based on the requirements of the ISO/IEC 27001:2022 standard, which is appropriate to the Authority’s purpose. This policy encompasses information security objectives aimed at safeguarding the Confidentiality, Integrity, and Availability of information and information processing assets from all threats, whether internal or external, deliberate or accidental, in relation to the processing, transmitting, and storing of sensitive procurement and Authority information.

PPDA shall therefore:

  • Establish and implement risk-based information security controls.

  • Periodically review and update operational procedures for all business functions.

  • Ensure compliance with legal, statutory, and regulatory requirements and contractual security obligations.

  • Ensure information security awareness amongst staff, interns, service providers, third-party contractors, and end-users of PPDA information systems.

  • Ensure effective management of security incidents through an incident management framework.

  • Develop business continuity plans that address information security continuity.

  • Ensure continual improvement of the Information Security Management System (ISMS) through regular reviews of measurable information security objectives.

PPDA’s management is committed to satisfying the applicable requirements related to information security and to the continual improvement of the information security management system. The policy shall be communicated to all interested parties (defined in the scope documentation of the ISMS) through the approved communication channels used by the Authority and observed in contractual agreements.