Quality and security policy of Statistics Iceland

Statistics Iceland is a professionally independent research institution which develops, produces and disseminates statistics about society. Statistics Iceland’s policy is to work according to sound methodology and appropriate statistical procedures based on impartiality, objectivity and statistical confidentiality. Furthermore, the Statistics Iceland’s objective is to produce accurate, reliable, coherent and comparable statistics in accordance with the needs and expectations of its users and in a timely, user friendly and secure manner.

The vision of Statistics Iceland is to be a progressive centre of knowledge which offers good service and promotes informed society. The guiding lights of the institution are service, reliability and progress.

Statistics Iceland operates an information security management system based on ISO/IEC 27001:2013, an international standard on information security management systems, and other relevant requirements related to the activities of the institution. The preservation of confidentiality, integrity and availability of information is emphasised in order to maximize their utility in the activities of Statistics Iceland.

This policy covers all activities of Statistics Iceland. The policy covers employees, partners, data providers, customers and suppliers. It also covers all types of recording, processing, communication, distribution, storage and deletion of information at Statistics Iceland. The policy also covers premises and equipment where information is used or stored.

Statistics Iceland sets the following objectives with the information security policy:

1. Information is accurate and accessible to those who have access rights when required.
2. Secrecy of information and confidentiality is maintained.
3. Information is not made public unintentionally, through negligence or inadvertence.
4. Information is protected against theft, fire, natural disasters, etc.
5. Information is protected against damage and destruction caused by computer viruses and other malware.
6. Reliable and well-preserved copies of important data and software systems are always available.
7. Information that is transferred over open networks shall reach the right recipients intact and timely while ensuring that they do not fall into the hands of others.
8. Continuous operation plans are prepared, maintained and tested.
9. Security incidents, breaches or suspicions of information security vulnerabilities are reported and investigated.
10. Risks arising from the processing and retention of information are within defined risk limits.

The quality system of Statistics Iceland is based on the 15 principles of the European Statistics Code of Practice (CoP) published by the European Statistical System (ESS):

1. Professional independence
2. Mandate for data collection
3. Adequacy of resources
4. Commitment to quality
5. Statistical confidentiality
6. Impartiality and objectivity
7. Sound methodology
8. Appropriate statistical procedures
9. Non-excessive burden on respondents
10. Cost effectiveness
11. Relevance
12. Accuracy and reliability
13. Timeliness and punctuality
14. Coherence and comparability
15. Accessibility and clarity

Review

This policy is reviewed on yearly basis and more frequently if necessary to ensure it conciliates with the objectives of Statistics Iceland.

12 March 2020