The National Identity Management Commission (NIMC) has obtained the highest global standards for Information Security Management System (ISMS) in its determination to ensure the security of data and information obtained from citizens as it steps up enrolment and issuance of the National Identification Number (NIN).
Director-General of NIMC, Aliyu Aziz, who made this known in a statement in Abuja, said this was in line with the Commission’s commitment to security of information and data security.
“We obtained the ISO/IEC 27001:2013, which is a global information security standard that formally specifies an Information Security Management System (ISMS)to safeguard the data and information obtained from citizens and legal residents in line with global best practices,” he said.
According to Aziz, the ISMS “prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing and corrective as well as preventive measures.”
He said the move was to ensure adequate security of data being collected from citizens and legal residents as the commission gears up to attain 100 per cent enrolment in the on-going efforts to ensure every Nigerian is enrolled and issued the National Identification Number (NIN). The mandatory usage of the NIN took effect on January 1, 2019.
In this era of rising cyber-attacks, national institutions such as NIMC that hold national data are taking several security precautions to keep their information vault safe. NIMC as the custodian of the most important data in the country, therefore, has taken that a notch higher by embracing the best global practice in data security, Aziz said.
The ISO/IEC 27001 is a robust framework that helps organisations protectinformation such as financial data, intellectual property or sensitive customer information. It also helps them identify risks and puts in place security measures that are right for their data, so that they can manage or reduce risks to their information.
The standard prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures. With compliance to these standards, NIMC has further demonstrated its commitment to security of information and data privacy as it continues to build a credible national database for the country.