NASK, similarly as to the quality of services provided, it pays great attention to information security. In November 2017 we received a certificate of information security management system in accordance with the requirements of ISO/EIC 27001:2017.
The granting of the certificate was preceded by an audit conducted by an independent certification body. The auditors decided that our strength is a high level of network and server infrastructure management and a high level of technical solutions in the area of information and communication security. Moreover, it was declared that we have a reserve of resources that will allow us to maintain the correct operation of systems in case of a failure. Legal support is also appropriate for all services and processes in which information security is important.
The information security management system in NASK includes selected processes in the Domain Department, NC Cyber and maintenance of the eID Cross-Border Node.
Currently, we are consistently implementing the security policy, which obliges us to minimize the information security risk and immediately respond to incidents related thereto.