The information managed by Statistics Portugal, including the procedures that support it, systems, applications and networks are valuable assets to the society. By guarantying the confidentiality, integrity and/or availability of the information, Statistics Portugal ensures the credibility of the services it provides. Therefore, Statistics Portugal has assumed the objective of systematizing its Information Security Management System (ISMS) and its alignment with the best international practices, namely NP ISO / IEC 27001: 2013. The ISMS is comprised of a set of policies and procedures that are now available to all Statistics Portugal’s procedures, and which allow the operationalization of the System. The following are noteworthy strategic documents to Statistics Portugal and made available in its Portal:
- The 2019 edition of the Quality Chart, which formalizes Statistics Portugal’s assumed public commitment in relation to the quality and credibility of the official statistics it produces and disseminates, to the public service it provides to the society – making it clear to all information providers, users of statistical information and to the public in general – also expressing the commitment towards information security;
- The Information Security Policy, which sets the general principles by which Statistics Portugal carries its mission, to the assets it manages within the scope of the ISMS, following all requirements within NP ISO/IEC 27001:2013, the applicable legislation, regulation and recommendations of the ESS and EUROSTAT in what specifically concerns information security;
- The Statistical Confidentiality Policy, which replaces the former Statistics Portugal´s Confidentiality Chart and is part of the ISMS and formalizes the public commitment of compliance with the Principle of Statistical Secrecy assumed by Statistics Portugal as the central body responsible for the coordination and development of the national statistical activity;
- The Personal Data and Privacy Protection Policy, which aims to supply the providers of data information about the nature of the collected data, its intended purpose and how the data are treated.