Dear users of electronic services of the State Revenue Committee
To ensure the safety, confidentiality and integrity of your informational data the State Revenue Committee advises:
- to ensure the availability of up-to-date anti-virus packages
- to keep track of anti-virus packages validity periods and updates
- to perform formatting of acting subscription unit with re-installation of operating system in case existent viruses have not been rendered harmless by anti-virus package
- to perform frequent operating system checks
- to change user password every 90 days (password should contain 8 characters composed of combination of letters, numbers and special characters)
Your entry into the electronic systems of the State Revenue Committeewithout meeting the above-mentioned terms contains a risk of data loss.
Taking into account the above and the fact that the State Revenue Committeeis certified and acts within the framework of the international standard of Informational Security Management System ISO/IEC 27001:2005, please be informed that in such cases the State Revenue Committeeassumes the right of prohibiting the entry of undutiful users into its electronic systems.
Annex
To Decree No 202-A of February 25, 2022
of the Chairman of the State Revenue Committee of
The Republic of Armenia
INFORMATION SECURITY POLICY
STATEMENT
1. Taking into account the strategic role of the State Revenue Committee of the Republic of Armenia (hereinafter Committee) in normal economic activity and sustainable development, as well as attaching importance to protecting security of information at Committees disposal, the Committees leadership has decided to implement an information security management system meeting the requirements of ISO/IEC 27001:2013 international standard.
2. The information security management system is a part of a general management system based on risk assessment and designed to develop, implement, run, monitor, review, protect and improve information security mechanisms.
3. The aim of the information security management system is to ensure protection of confidentiality and integrity of information concerning persons (including taxpayers), which prescribes implementation of necessary activities and security means.
4. To provide high-level service to taxpayers, to ensure accessibility and smooth running of e-management systems as well as to protect against information threats, the Committee is using state-of-the-art equipment, technology and software: moreover, it has created a backup server area and information systems that will ensure smooth running of business processes during emergency and unpredictable situations.
5. The information security management system is designed to carry out information security purposes and solve information security issues.
Aims, objectives and implementation of information security policy
6. The main aims of IS policy are:
1) Ensuring security of Committees information processes to achieve the set objectives;
2) Ensuring steadiness of Committees operation irrespective of information security events to prevent the potential effect thereof;
3) Ensuring protection of information received from taxpayers, and Committees other information against unlicensed use;
4) Ensuring Committees information resources against internal, external, accidental or intentional threat that can lead to breach of confidentiality of information;
5) Ensuring smooth operation of Committees main business processes;
6) Ensuring fulfillment of requirements under laws and international treaties of the Republic of Armenia concerning Committees information processes.
7. Main objectives of information security policy are:
1) Ensuring smooth operation of services provided by the Committee to taxpayers and economic entities in terms of information processing and provision of information;
2) Ensuring compliance with requirements of internal legal acts and contractual obligations in terms of information security and related stakeholder persons;
3) Minimizing the chance of information threat as a result of which the Committee can bear loss or damage;
4) Minimizing loss or damage in case of security events;
5) Ensuring effective use of resources required for implementation of security programs;
6) Ensuring effective management of information security risks;
7) Setting out activities required for ensuring information security;
8) Notifying all stakeholder parties who have access to Committees information about their responsibility and obligations;
9) Ensuring awareness of employees on ensuring information security;
10) Ensuring safe working environment for Committees employees;
11) Ensuring that Committees information security management system complies with ISO/IEC 27001:2013 international standard requirements.
8. To carry out the information security policy, procedures necessary for ensuring it are being developed and implemented.
9. The heads of Committees subdivisions are responsible for observation by them and their subordinates of the procedures required for fulfilling the information security policy.
10. Fulfillment of the information security policy by Committees employees and stakeholders is mandatory.
