The Management of FIRS recognizes the importance of developing and implementing an Information Security Management System (ISMS) and considers the security of information-related assets fundamental to successful business operation. Therefore, FIRS is committed to securing the Confidentiality, Integrity and Availability of information for day-to-day business and operations. FIRS is committed to ensuring that information is accessible only to authorized persons from within or outside the organization.

An Information Security Management System (ISMS) comprising the Information Security Policies, Procedures and Processes has been adopted to effectively protect the data/information of the organization and its stakeholders from information security threats, whether internal or external, deliberate or accidental. The Management of FIRS has approved the Information Security Management System Manual and associated policies. The Management's commitment is:
  1. All regulatory and legislative requirements related to FIRS are met
  2. The confidentiality of information is protected to prevent disclosure of valuable or sensitive information
  3. The integrity of information is maintained to ensure its accuracy and completeness
  4. The availability of information is maintained to meet business needs and stakeholder and regulatory requirements
  5. Business continuity plans are developed, maintained and tested
  6. Information security awareness is shared with all staff and interested parties
  7. An incident management process is established and implemented to ensure that all breaches of information security, actual or suspected, are reported and investigated
  8. Risks are mitigated to an acceptable level through a Risk Management framework
  9. The Information Security Management System is continually improved
  10. Appropriate resources are allocated in order to implement, operate and review an effective Information Security Management System
  11. All stakeholders are responsible for implementing the respective security policies and procedures within their area of operation, and for overseeing adherence by their team members
The Management shall assure all interested parties that an appropriate and effective Information Security Management System is in place. The Management shall follow a formal disciplinary process against employees who violate the information security policies and procedures.

The Management shall conduct a review of the ISMS at periodic intervals or when significant changes take place, to continually improve it and to ensure that the system meets the requirements of all stakeholders and complies with the ISO 27001:2013 standard.

Management has overall responsibility for maintaining this Policy and providing guidance on its implementation.

Signed Muhammad Nami
The Executive Chairman, Federal Inland Revenue Service.