Policies

Information Security Management System (ISMS) Policy

1.1. Overview

  • In line with SCA's mission to enhance the principles of fair trading practices and improve the efficiency of UAE capital markets, SCA has embarked upon many initiatives to improve the quality of services delivered.
  • The SCA IT Department has initiated the implementation of the Information Security Management System (ISMS) in alignment with the ISO 27001:2013 standard to support the strategic vision of the SCA IT Department and ensure that its information security practices are in line with industry-wide best practices for information security. This project helps SCA IT improve information availability, integrity and confidentiality and put in place comprehensive approaches to assess information risks and define a comprehensive treatment plan. As part of this journey, the SCA IT Department also intends to achieve the ISO/IEC 27001:2013 Certification, the only auditable standard available for information security.
  • The ISMS implementation is currently planned for the management of the SCA IT Department. In this regard, the development of the ISMS policy is regarded as one of the most important steps, as it provides vital principles and directions based on organizational requirements and Information Security priorities.

1.2. Purpose

The purpose of the ISMS policy is to demonstrate and express the intention and commitment of SCA to:

  • Protect information assets from all threats, whether internal or external, deliberate or accidental, thereby ensuring uninterrupted services to Employees, Customers and Stakeholders; and
  • Manage the risks to an acceptable level through design, implementation and maintenance of an effective Information Security Management System.

This policy forms the basis and identifies vital principles for all Information Security initiatives in SCA.

1.3. Scope

This document defines SCA ISMS policy and principles.

1.4. Applicability

The ISMS Policy applies to all SCA Staff, SCA Contractors and Third-Party Organizations involved in the management of Information Security at SCA.

1.5. Responsibilities

1.5.1. The SCA Information Security Management System (ISMS) Forum is responsible for developing, maintaining, and distributing SCA Security Policies.

1.5.2. The ISMS Forum is responsible for auditing and reporting compliance to SCA Security Policies.

1.5.3. Department Heads / Section Heads are responsible for compliance to SCA Security Policies within their area(s) of concern.

1.5.4. All Employees, Contractors and Third Parties are responsible for reading and understanding the application of the SCA Security Policies.

1.5.5. ISMS Forum is responsible for reviewing SCA Security Policies on a scheduled and ongoing basis to ensure their continuing suitability, adequacy, and effectiveness.

1.6. Key Objectives

The Primary Objectives of this policy are:

1.6.1. SCA shall develop an ISMS framework containing policies and procedures to establish, implement, operate, monitor, review, maintain and improve a documented Information Security Management System (ISMS) within the organization's overall business activities relating to regulating the capital market sector in the United Arab Emirates.

1.6.2. The ISMS framework shall consider business and legal or regulatory requirements and contractual security obligations. (Ref: ISMS Manual).

1.6.3. SCA shall develop a Risk Management framework establishing criteria against which risk will be evaluated with respect to business, legal and regulatory requirements. (Ref: document on Information Security Risk Management Framework).

1.6.4. Establish a consistent, comparable, and repeatable approach to perform risk assessment and select appropriate controls to mitigate the risk arising from business, legal and regulatory requirements.

1.6.5. Establish a process to classify information assets based on the criticality and develop policies and procedures to assist SCA's IT Department in accomplishing its Security objectives.

1.6.6. The ISMS framework also contains procedures to monitor and measure control effectiveness based on continual improvement methods while safeguarding SCA IT information processing systems.

The SCA assets shall be protected from threats to Confidentiality, Availability and Integrity. This policy also intends to create a secure business environment by developing awareness and imparting education.

Knowledge Management Policy

The Securities and Commodities Authority is committed to applying the principles of implicit and explicit knowledge management efficiently and effectively in implementing initiatives aimed at producing and sharing knowledge through:

  1. Developing and implementing a knowledge management strategy according to a clear and defined vision and goals according to the directions of the Federal Government.
  2. Ensuring that the knowledge management policy is available to and widely understood by all employees, and that all SCA employees are actively and efficiently involved in SCA's identity and culture, which embraces global best practices in knowledge management.
  3. Ensuring the sustainability of knowledge management initiatives and projects through initiatives that include the preservation, deployment, participation, knowledge development and innovation in the authority.
  4. Compliance with organizational and other requirements related to the knowledge management system, and work continuously to improve the methodology by constantly reviewing performance levels and achieving goals to contribute to developing knowledge management performance.

Sustainable Procurement Policy

The Securities and Commodities Authority (SCA) confirms, by policy, its commitment to sustainable procurement to ensure effective and quality implementation and to determine and manage the environmental, social, and economic impacts within its supply chain to:

  1. Identify goals and develop action plans to support the sustainable procurement policy and monitor the ongoing improvement in sustainable procurement practices.
  2. Supply SCA with its needs of quality, timely-delivered, and competitively-priced goods and services to ensure procurement efficiency in line with federal legislation and rules.
  3. Meet the principles of sustainable procurement, wise governance, integrity, equality, and transparency in all procurement and contractual arrangements.
  4. Provide equal contracting opportunities to vendors, perform quotation evaluations, and evaluate vendor performance.
  5. Give priority to quotations/proposals submitted by small and medium enterprises (SMEs) registered with authorities responsible for supporting youth business projects to help develop the SME sector in the country. In addition, provide facilities to vendors who embed sustainability practices and standards and follow codes of ethical conduct in their work and supply chain.
  6. Investigate and handle complaints made by vendor partners professionally and transparently.
  7. Ensure the continuity of business and the availability of services and goods needed to manage SCA's operations by entering into strategic partnerships with vendors, identifying high-risk areas, making an impact within SCA's supply chain, and engaging vendors in the risks.
  8. Rationalize expenses, promote concepts of reasonable spending in managing SCA's procurement process, and prevent the waste of public funds.
  9. Display commitment to the best international standards and practices in preserving the environment, reducing carbon footprint, and maintaining public funds to achieve sustainable economic growth rates and ensure fair procurement, thus maintaining the rights of the society.
  10. Control the quality of procurement and contractual arrangements and procedures and make ongoing improvements in line with best practices (ISO 20400).
  11. Vendors selected to supply SCA with goods and services must display the following characteristics:

a. Work to reduce carbon footprint by:

  • Conserving resources, including energy, water, and materials.
  • Keeping waste to a minimum, whether in operations or otherwise.
  • Mitigating the impact of delivery and transportation and increasing reliance on local resources.

b. Provide services and benefits to the society by:

  • Complying with the International Labor Organization's principles on human rights and working conditions.
  • Ensuring the elimination of human trafficking and child labour practices in any supply chains or any part of their business if executed by a third party.
  • Prohibiting discrimination and legal harassment to ensure an inclusive and safe business environment.

c. Work on boosting economic growth by:

  • Supporting job creation and facilitating access to opportunities for SMEs, corporations, and community organizations.
  • Considering the cost of the product life cycle.
  • Paying wages (minimum requirements) to personnel and contractors.
  • Implementing procedures and practices related to anti-money laundering, fraud, bribery, corruption, conflict of interest, and data security issues.

The senior management is committed to communicating the sustainable procurement management system policy to all employees, vendors, and concerned parties using available means and methods. The policy must be reviewed regularly to ensure that it aligns with the best international practices to support sustainability goals.


SCA’s Risk Management Policy

  • The Securities and Commodities Authority (SCA) aims to become a model to emulate and the leading supervisory authority across the United Arab Emirates in applying the Business Continuity, Risk Management, and Institutional Crisis Framework. It seeks to do so by developing administrative approaches to address institutional challenges, taking advantage of available opportunities, and applying best practices in this area—all of which will help it to strengthen the confidence of related parties, mitigate risks that affect business continuity and sustainability, and realize its strategic objectives.
  • This policy governs the rules, regulations, and actions taken to address the risks associated with SCA's wide range of activities, to achieve sustainable development in line with the rules and powers provided for in SCA's establishing law and the relevant policies.
  • This policy aims to ensure that all related parties understand the concept of business continuity, risk management, and institutional crisis and that they are aware of their obligations when it comes to managing business continuity, risks, and crises that accompany all of SCA's institutional activities.
  • This comes as part of the efforts to assess and improve the effectiveness of internal supervision and audit and institutional governance, which will result in high and sustained achievement rates.
  • The Regulatory Policies & Future Foresight Section, in collaboration with concerned departments, is responsible for identifying, classifying, and assessing risks; presenting options to handle risks; and reviewing the effectiveness of the framework regularly using sound professional approaches, thus ensuring the implementation of the above and adding sustainable value to SCA's activities and operations.

SCA's Innovation Policy

  • The Securities and Commodities Authority (SCA) is working to create an environment that fosters innovation by developing a supportive infrastructure—focusing on developing human resources and smart, sophisticated electronic systems and the utilization of modern innovation tools in everyday business, thus encouraging the introduction of innovative services and achieving customer and employee happiness.
  • The SCA has been keen to pursue a proactive rather than a reactive innovation strategy. With a proactive innovation strategy, the SCA will have a strong research orientation and first-mover advantage and be a leader in the capital markets sector.

The proactive innovation strategy depends on the following types of innovations:

  • Radical: breakthroughs that change the nature of products and services.
  • Incremental: the constant technological or process changes that lead to improved performance of products and services.

SCA's Corporate Governance Policy

SCA is committed to:

  1. Implement best practices in governance to underpin SCA's performance.

  2. Create a work culture characterized by integrity, fairness, transparency and accountability.

  3. Develop a directive and supervision framework across all SCA's activities.

Corporate Governance Principles adopted by SCA:

  1. Stakeholders focus oriented.

  2. Partnership and cooperation.

  3. Integrity, moral values and sovereignty of law.

  4. Fairness and equality.

  5. Independence.

  6. Disclosure and transparency.

  7. Liability and accountability.

  8. Sustainable development.

  9. Control and discipline.

  10. Innovation.
