This ISMS is specific only to the three Certificate Authority [CA] rooms in Isa Town, the five Registration Authority Control Centre operator desks located on the ground floor of the National ID card issuing centre in Isa Town and the two Public Servers located in Juffair, in the Kingdom of Bahrain. The ISMS does not extend beyond these two geographicaal locations and the personnel that make up the operational and management team for these areas. It should also be noted that the Key Ceremony(s) that occurs is outside the physical environment and is not included in the ISMS, however, detailed scripts, explanations and security documentation from each Key Ceremony will be introduced into the ISMS as required.
The Information Security Management System covers all activities within the PKI infrastructure in Juffair and ISA Town including related infrastructure key components such as Digi-CA and associated HSM. It relates to all assets, software and infrastructure used for storing, handling, processing and distributing digital certificates to Bahrain citizens.
Where terms which are used in ISO27001:2005 are used here, the definitions provided in clause 3 of that standard are applied. Where terms are defined in ISO17799:2005 but not in ISO27001:2005, the ISO17799:2005 definitions are applied here.
In particular, the ISMS is defined as the part (which includes organisational structure, policies, planning activities, plans, responsibilities, working practices, procedures, processes and resources) of the Organisation’s overall management system which, based on a business risk approach, enables management to establish, implement, operate, monitor, review, maintain and improve information security within the Organisation.
A current version of this document is available to PKI staff members of staff and is available on request from the Information Security Manager.
This procedure was approved by the Director General of IT and the Information Security Manager on 08 November, 2007 and is issued on a version controlled basis under his/her signature
Adlin Hisyamuddin Shaikh Salman Mohammed Al-Khalifa
Information Security Manager Director General of IT
____________________________ _______________________________
On:
08 November, 2007 08 November, 2007
____________________________ _______________________________
Change history
Issue 1 7 November, 2007 Initial issue