The information managed by Statistics Portugal, its processes, systems, applications, and networks are valuable assets for society. Information Security Management at Statistics Portugal aims to ensure the confidentiality, integrity, and availability of information, protecting digital and physical assets against threats and vulnerabilities. This approach is supported by structured risk management and a continuous commitment to process improvement. Information Security Management at Statistics Portugal is fully integrated into Statistics Portugal’s Integrated Management System, as is Quality Management, contributing to a holistic approach to organisational management.
In line with the process started in 2019, Statistics Portugal has set itself the goal of systematising its Information Security Management System (ISMS), ensuring that it is aligned with international best practices, particularly with the ISO/IEC 27001:2022 standard.
The ISMS is made up of a set of policies and procedures that are now available for all Statistics Portugal’s processes, enabling the effective implementation of the System. The following documents are of strategic importance to Statistics Portugal and are available on the institutional portal:
- The Quality Charter, which formalises the public commitment assumed by Statistics Portugal regarding the quality and credibility of the official statistics it produces and disseminates, and the public service it provides to society as a whole — clearly expressing this commitment to information providers, users of statistical information, and all interested citizens — and which now also reflects a commitment related to information security;
- The Information Security Policy, which defines the general principles that guide the protection and management of assets under the responsibility of Statistics Portugal, within the scope of its Information Security Management. This policy is part of the Integrated Management System, aligned with the following standards and requirements:
  - ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection: Information Security Management Systems (Requirements);
  - ISO/IEC 27701:2019 – Extension to Privacy Information Management;
  - ISO 9001:2015 – Quality Management Systems (Requirements);
  - Applicable legislation and regulations on information security, cybersecurity and data protection;
  - Recommendations from the ESS (European Statistical System) and EUROSTAT on Information Security, Cybersecurity, and Privacy Protection;
- The Statistical Confidentiality Policy, which replaces the former Confidentiality Charter of Statistics Portugal, is part of the ISMS and constitutes a public commitment to upholding the Principle of Statistical Confidentiality, as assumed by Statistics Portugal in its role as the central body responsible for coordinating and developing national statistical activity;
- The Privacy and Personal Data Protection Policy, which aims to provide the data subject with information on the nature of the data collected, its purpose, and how it will be processed.