Information Security Management System (ISMS) Policy

1.1. Overview

In line with SCA’s mission to protect investors, enhance the principles of fair trading practices, and to improve the efficiency of UAE capital markets, SCA has embarked upon a number of initiatives to improve the quality of services delivered.

Since one of the most important aspects of ensuring fair trading practices is the protection of information, the SCA IT Department, as part of its continuous improvement in managing Information Security, has initiated the implementation of an Information Security Management System (ISMS) in alignment with the ISO 27001:2013 standard to support the strategic vision of the SCA IT Department and to ensure that its information security practices are in line with industry-wide best practices for information security. This project will assist SCA IT in improving information availability, integrity and confidentiality, and in putting in place comprehensive practices to assess information risks and define a comprehensive treatment plan. As part of this journey, the SCA IT Department also intends to achieve the ISO/IEC 27001:2013 Certification, which is the only auditable standard available for information security.

The ISMS implementation is currently planned for the management of the SCA IT Department. In this regard, development of the ISMS policy is regarded as one of the most important steps, as it provides key principles and directions based on organizational requirements and Information Security priorities.

1.2. Purpose

The purpose of the ISMS policy is to demonstrate and express the intention and commitment of SCA to:

  • Protect information assets from all threats, whether internal or external, deliberate or accidental thereby ensuring uninterrupted services to Employees, Customers and Stakeholders; and
  • Manage the risks to an acceptable level through design, implementation and maintenance of an effective Information Security Management system.

This policy forms the basis and identifies key principles for all Information Security initiatives in SCA.

1.3. Scope

This document defines SCA ISMS policy and principles that need to be followed at SCA.

1.4. Applicability

The ISMS Policy applies to all SCA Staff, SCA Contractors and Third Party Organizations who are involved in the management of Information Security at SCA.

1.5. Responsibilities

1.5.1. The SCA Information Security Management System (ISMS) Forum is responsible for the development, maintenance, and distribution of SCA Security Policies.

1.5.2. The ISMS Forum is responsible for auditing and reporting compliance to SCA Security Policies.

1.5.3. Department Heads / Section Heads are responsible for compliance to SCA Security Policies within their own area(s) of concern.

1.5.4. All Employees, Contractors and Third Parties are responsible for reading and understanding the application of the SCA Security Policies.

1.5.5. ISMS Forum is responsible for the review of SCA Security Policies on a scheduled and on-going basis to ensure their continuing suitability, adequacy, and effectiveness.

1.6. Key Objectives

The Primary Objectives of this policy are:

1.6.1. SCA shall develop an ISMS framework containing policies, procedures, etc. to establish, implement, operate, monitor, review, maintain and improve a documented Information Security Management System (ISMS) within the context of the organization’s overall business activities relating to regulation of the capital market sector in the United Arab Emirates.

1.6.2. The ISMS framework shall take into consideration business and legal or regulatory requirements, and contractual security obligations. (Ref: ISMS Manual).

1.6.3. SCA shall develop Risk management framework establishing criteria against which risk will be evaluated against business, legal and regulatory requirements. (Ref document on Information Security Risk Management Framework).

1.6.4. Establish consistent, comparable, and repeatable approach to perform risk assessment and select appropriate controls to mitigate the risk arising out of business, legal and regulatory requirements.

1.6.5. Establish process to classify information assets based on the criticality and shall develop policies and procedures to assist SCA’s IT Department in accomplishing its Security objectives.

1.6.6. The ISMS framework also contains procedures to monitor and measure control effectiveness based on continual improvement methods while safeguarding SCA IT information processing systems.

SCA assets shall be protected from threats to Confidentiality, availability and Integrity. This policy also intends to create a secure business environment by developing awareness and imparting education.

Knowledge Management Policy

The Securities and Commodities Authority is committed to apply the principles of implicit and explicit knowledge management efficiently and effectively in implementing initiatives aimed at producing and sharing knowledge through:

  1. Developing and implementing a knowledge management strategy according to a clear and defined vision and goals according to the directions of the Federal Government.
  2. Ensuring that the knowledge management policy is available & widely understood by all employees, and all SCA's employees are actively and efficiently involved in SCA's identity and culture that embraces global best practices in the field of knowledge management.
  3. Ensuring the sustainability of knowledge management initiatives and projects through initiatives that include the preservation, deployment, participation, knowledge development and innovation in the authority.
  4. Compliance with organizational and other requirements related to the knowledge management system, and work continuously to improve the methodology by constantly reviewing performance levels and achieving goals in a way that contributes to developing knowledge management performance.

Sustainable Procurement Policy

The Securities and Commodities Authority (SCA) confirms its commitment to sustainable procurement by pursuing a sustainable procurement policy to ensure effective and quality implementation and to determine and manage the environmental, social, and economic impacts within its own supply chain in an effort to:

  1. Identify goals and develop action plans to support the sustainable procurement policy and monitor the ongoing improvement in sustainable procurement practices.
  2. Supply SCA with its needs of quality, timely-delivered, and competitively-priced goods and services to ensure procurement efficiency in line with federal legislation and rules.
  3. Meet the principles of sustainable procurement, wise governance, integrity, equality, and transparency in all procurement and contractual arrangements.
  4. Provide equal contracting opportunities to vendors, perform quotation evaluations, and evaluate vendor performance.
  5. Give priority to quotations/proposals submitted by small and medium enterprises (SMEs) registered with authorities responsible for providing support to youth business projects to help develop the SME sector in the country. Provide facilities to vendors who embed sustainability practices and standards and follow codes of ethical conduct in their work and their own supply chain.
  6. Investigate and handle complaints made by vendor partners in a professional and transparent manner.
  7. Ensure the continuity of business and the availability of services and goods needed for the management of SCA’s operations by entering into strategic partnerships with vendors, identifying high-risk areas, making an impact within SCA’s own supply chain, and engaging vendors in the risks.
  8. Rationalize expenses, promote concepts of reasonable spending in managing SCA’s procurement process, and prevent the waste of public funds.
  9. Maintain environmental, social, and economic sustainability and preserve the health and safety of all personnel, customers, and vendors during procurement and contractual arrangements by displaying commitment to the best international standards and practices in preserving the environment, reducing carbon footprint, and maintaining public funds to achieve sustainable economic growth rates and ensure fair procurement, thus maintaining the rights of the society.
  10. Control the quality of procurement and contractual arrangements and procedures and make ongoing improvements in line with best practices (ISO 20400).
  11. Vendors selected to supply SCA with goods and services must display the following characteristics:

a. Work to reduce carbon footprint by:

  • Conserving resources, including energy, water, and materials.
  • Keeping waste to a minimum, whether in operations or otherwise.
  • Mitigating the impact of delivery and transportation and increasing reliance on local resources.

b. Provide services and benefits to the society by:

  • Complying with the International Labor Organization’s principles on human rights and working conditions.
  • Ensuring the elimination of human trafficking and child labor practices in any of their supply chains or any part of their business if executed by a third party.
  • Prohibiting discrimination and legal harassment to ensure an inclusive and safe business environment.

c. Work on boosting economic growth by:

  • Supporting job creation and facilitating access to opportunities for SMEs, corporations, and community organizations.
  • Considering the cost of the product life cycle.
  • Paying wages (minimum requirements) to personnel and contractors.
  • Implementing procedures and practices related to anti-money laundering, fraud, bribery, corruption, conflict of interest, and data security issues.

The senior management is committed to communicating the policy on sustainable procurement management system to all employees, vendors, and concerned parties using available means and methods. The policy must be reviewed regularly to ensure that it is in line with the best international practices in an effort to support sustainability goals.

SCA’s Risk Management Policy

The Securities and Commodities Authority (SCA) aims to become a model to emulate and the leading supervisory authority across the United Arab Emirates in the application of the Business Continuity, Risk Management, and Institutional Crisis Framework. It seeks to do so by developing administrative approaches to address institutional challenges, taking advantage of available opportunities, and applying best practices in this area—all of which will help it to strengthen the confidence of related parties, mitigate risks that affect business continuity and sustainability, and realize its strategic objectives. This is done by making sure that the Business Continuity, Risk Management, and Institutional Crisis Policy is being continually improved—whether in terms of the regulations, rules, or procedures in place, or the actual application. The senior management is committed to supporting those in charge and providing the resources, technologies, and training needed to ensure effective and efficient application of relevant processes.

As such, this policy governs the rules, regulations, and actions taken to address the risks associated with SCA’s wide range of activities. This will help to achieve sustainable development in line with the rules and powers provided for in SCA’s establishing law and the relevant policies. The objective of this policy is to ensure that all related parties understand the concept of business continuity, risk management, and institutional crisis and that they are aware of their obligations when it comes to managing business continuity, risks, and crises that accompany all of SCA’s institutional activities. This comes as part of the efforts to assess and improve the effectiveness of internal supervision and audit and institutional governance, which will result in high and sustained achievement rates. The Regulatory Policies & Future Foresight Section, in collaboration with concerned departments, is responsible for identifying, classifying, and assessing risks; presenting options to handle risks; and reviewing the effectiveness of the framework on a regular basis using sound professional approaches, thus ensuring the implementation of the above and adding sustainable value to SCA’s activities and operations.

Dr. Obaid Al Zaabi

SCA's Innovation Policy

The Securities and Commodities Authority (SCA) is working to create an environment that fosters innovation by developing a supportive infrastructure. This includes focusing on the development of human resources and smart, sophisticated electronic systems and the utilization of modern innovation tools in everyday business, thus encouraging the introduction of innovative services and achieving customer and employee happiness.

The SCA has been keen to pursue a proactive rather than a reactive innovation strategy. With a proactive innovation strategy, the SCA will tend to have strong research orientation and first-mover advantage and will be a leader in the capital markets sector. The proactive innovation strategy depends on the following types of innovations:

  • Radical: breakthroughs that change the nature of products and services.
  • Incremental: the constant technological or process changes that lead to improved performance of products and services.