Aligning information technology security controls holistically with international security standards, Ehsaas has developed an information technology (IT) policies vault, which is a repository of a set of infrastructure, application, databases, policies and procedures for systematically managing the programme's sensitive data and protecting its information assets.
The IT centred reform has been introduced to facilitate the digital transfer of benefits to the beneficiaries in a transparent manner, to ensure data integrity and to hedge against abuse and hacking.
Special Assistant to the Prime Minister on Poverty Alleviation and Social Protection Dr Sania Nishtar, said in a statement issued here on Monday, “40 IT policies are being executed stringently along the lines of Ehsaas Governance and Integrity Policy. As Ehsaas continues to strengthen its data and systems, it is important to mention the significance of IT policies vault to setting up the foundation for future social protection programmes, for developing the socioeconomic registry, and launching cash transfer programmes.”
She said the recently introduced IT safeguards were the critical building blocks, which were allowing them to deliver the Ehsaas programmes with enhanced integrity, transparency and accountability.
With regard to data governance, she said, a set of policies had been developed and implemented on data acceptable use, data backup, data classification and monitoring, data handling and data access control.
Regarding data management, Dr Sania said data availability management policy, change management process, data labelling procedure, data retention policy, software policy and data backup procedures were introduced.
Similarly to reinforce data security, she added, several important policies including information security policy, network security policy, physical data security policy, password policy, antivirus and malware policy, and cryptographic policy had been executed.
Most importantly, Dr Sania said, was also executing a combination of ISO27001 policies and procedures for robust data governance. “The ISO27001 allows Ehsaas to follow a systematic approach to managing information security risks affecting the confidentiality, integrity and availability of organization and beneficiary information. The system operates in accordance with the highest information security practices and standards, she added.
Published in The Express Tribune, June 1st, 2021.