Emirates Identity Authority( EIDA) is the first UAE federal organisation to be awarded ISO/IEC 27001: 2005 certification. Certification is top international standard for evaluating information security management systems.
While receiving the certification from Mr. Ahmad Al Khatib, General Manager of British Standards Institution (BSI)- Abu Dhabi, H.E. Dr. Eng. Ali Mohamed Al Khouri, Emirates ID Director General stressed the importance of this major achievement. The certification came as a fruit of the efforts of all Emirates Identity Authority employees, as well as their constructive co-operation and their keenness on making this renewed achievement.
Al Khouri explained that this certification is a significant indicator of the Emirates Identity Authority’s commitment to the world’s information security standards and is a continuation of its efforts for employing advanced technologies to ensure data confidentiality, particularly that the Emirates Identity Authority had fulfilled a number of strategic initiatives, which would be treated as the infrastructure for many projects in the UAE including the digital identity and electronic connection among the government organizations concerned with civil incidents.
The Emirates Identity Authority was awarded the ISO/IEC 2007:2005 certification, which is the top international standard for evaluating information security management systems, after succeeding in meeting the international standards required for obtaining this certification and ensuring that all major central systems operating the Emirates ID-adopted population register system and ID card apply to all mechanisms of work at the Department of Communications and Information Systems, not to mention the Emirates Identity Authority’s success in setting up, operating, monitoring, reviewing, maintaining and improving the information security and privacy management system as well as raising the employees’ security awareness level.
The positive results of the verification process, which was carried out by the evaluation authority and continued for around 2 months, confirmed that the Emirates Identity Authority had ensured that the information it kept was confidential, accurate and healthy. The evaluation authority praised the Emirates Identity Authority’s distinguished implementation of information security systems and its high-level abidance by the implementation standards of these systems. It also praised the keenness of the Emirates Identity Authority’s employees to ensure that this information should be kept confidential and that the use of this information should be limited to secure and electronically coded methodologies that might not be penetrated.
The Emirates Identity Authority also underwent a multi-phase verification process while all its documents and applications related to information security and the plans for dealing with hazards and testing the effectiveness of information security monitoring systems and the security system in general were reviewed comprehensively and in detail.
It is worthwhile that in early 2008 the Emirates Identity Authority was awarded an ISO certification for information security to be the only federal government entity to obtain such certification.