Information Security policy
The vision of the State Digital Solutions Agency (hereinafter referred to as SDSA) is to be a reliable, open, innovative, and dynamic organization that comprehensively contributes to the successful development of Lithuania’s key information society development processes and meets the needs and expectations of its Clients, service recipients, and society. In pursuing this vision, we place significant emphasis on the security of the information we manage and process.
In order to manage and process information securely, we ensure:
- Confidentiality – protection of information against unauthorized disclosure;
- Integrity – protection of information against unauthorized or accidental modification;
- Availability – ensuring that information is accessible whenever it is required for the proper performance of activities.
SDSA has established, implemented, maintains, and continuously improves an Information Security Management System (hereinafter referred to as the Information Security Management System) in accordance with the ISO/IEC 27001 standard, with the aim of meeting and exceeding Clients’ needs and expectations.
Key Principles of the Information Security Management System:
- Information security is an integral part of every SDSA activity, process, and procedure;
- All SDSA employees regard information security as a priority in their daily work;
- SDSA continuously improves the Information Security Management System and ensures its compliance, suitability, and effectiveness.
Key Objectives of the Information Security Management System:
- To manage and process information in accordance with the requirements of legal acts, standards, processes, and global best practices;
- To ensure information security in service delivery by using innovative solutions that comply with the principles of integrity, confidentiality, and availability;
- To improve the Information Security Management System by taking into account identified external and internal organizational factors affecting the achievement and review of objectives, as well as the continuous improvement of information security.
The Information Security Policy is a public document accessible to all interested parties.