To achieve its objectives, JOBFIE undertakes to protect information security, ensuring sound information management in order to offer all stakeholders maximum assurances regarding the protection of information processed in the delivery of its technology and digital services.
These systems must be managed diligently, adopting appropriate measures to protect them against accidental or deliberate harm that could affect the availability, integrity or confidentiality of the information processed or the services provided.
The purpose of information security is to safeguard information quality and the continued delivery of services, acting preventively, monitoring day-to-day activity and responding swiftly to incidents.
ICT systems must be protected against rapidly evolving threats capable of affecting the confidentiality, integrity, availability, intended use, and value of information and services. Defending against these threats requires a strategy that adapts to changes in environmental conditions to ensure continuity of service delivery. This means that departments must apply the minimum security measures required by the Esquema Nacional de Seguridad (ENS), continuously monitor service performance levels, track and analyse reported vulnerabilities, and prepare an effective incident response to ensure continuity of the services provided.
Departments must ensure that ICT security is an integral part of every stage of the system lifecycle, from design through decommissioning, including development or procurement decisions and operations activities. Security requirements and funding needs must be identified and included in planning, requests for proposals, and ICT procurement tender documents.
Departments must be ready to prevent, detect, respond to and recover from incidents, in accordance with Article 8 of the ENS (Article 8 — Prevention, detection, response and preservation).