Guideline 36. Management framework for information security | International Social Security Association (ISSA)

Introduction
Objectives of the ISSA Guidelines on Information and Communication Technology
ICT Standards and Frameworks
Structure of the ISSA Guidelines on Information and Communication Technology
A. Governance and Management
A.1. ICT Governance
Guideline 1. Application of the ICT governance framework
Guideline 2. ICT governance processes
A.2. ICT Management
Guideline 3. ICT strategy and innovation prospective
Guideline 4. ICT management processes
Guideline 5. Operationalizing social security functions through ICT
Guideline 6. Implementing e-services
A.3. ICT Service Delivery
Guideline 7. Strategy and processes to manage a portfolio of ICT services
Guideline 8. Demand management process
Guideline 9. ICT service catalogue management
Guideline 10. Service level management
Guideline 11. Capacity management
Guideline 12. ICT service continuity management
Guideline 13. Information security management
Guideline 14. Application development management
Guideline 15. Change management
Guideline 16. ICT operations management
Guideline 17. Service desk and request fulfilment
Guideline 18. Managing events, problems and incidents
A.4. ICT Investment and Value Management
Guideline 19. Defining concept of value and approaches to optimize its realization
Guideline 20. Managing ICT investments through a portfolio-oriented approach
Guideline 21. Monitoring and evaluation of ICT-enabled investments
A.5. Data and Information Management
Guideline 22. Developing a data governance framework
Guideline 23. Developing a master data model and system
Guideline 24. Data development and operations
Guideline 25. Data quality management
Guideline 26. Mechanisms for information retrieval and analysis
Guideline 27. Information retrieval and analysis for actuarial work
B. Key Technologies
B.1. Interoperability
Guideline 28. Institutional interoperability framework
Guideline 29. Workplan for the implementation of interoperability-based social security programmes
Guideline 30. Institutional interoperability application model
Guideline 31. E-government services
Guideline 32. Institutional semantic interoperability
Guideline 33. Interoperable shared data services
Guideline 34. Data exchange
Guideline 35. Institutional technical standards on interoperability
B.2. Data Security and Privacy
Guideline 36. Management framework for information security
Guideline 37. Data privacy policies and regulations
Guideline 38. Security measures for data privacy
Guideline 39. Comprehensive access control system
Guideline 40. Security in database systems
Guideline 41. Security in networks and communication systems
Guideline 42. Public-key infrastructure
Guideline 43. Digital identities management
Guideline 45. Security in ICT operations
Guideline 46. Cybersecurity measures
B.3. Mobile Technologies
Guideline 47. Institutional framework for the application of mobile technologies
Guideline 48. Variety of mobile services to be provided
Guideline 49. Mobile device-based user identification
Guideline 50. The mobile device as a gateway for payments and contributions
Guideline 51. Using advanced hardware components included in mobile devices
Guideline 52. Securing mobile applications
B.4. Data Analytics
Guideline 53. Institutional framework for applying data analytics
Guideline 54. Descriptive analytics – Understanding the past
Guideline 55. Diagnostic analytics – Explain the cause of it all
Guideline 56. Predictive analytics – What is likely to happen
Guideline 57. Prescriptive analytics – What action to take
Guideline 58. Analytics of big data
Guideline 59. Machine learning on big data – Supporting decision making
C. Social Security Components
C.1. Master Data Governance and Master Data Management
C.1.1. Master Data Governance and Master Data Management
Guideline 60. Master Data Management and Master Data Governance Programmes
Guideline 61. Strategies, policies and roles
Guideline 62. Optimization of master data value
C.1.2. Master Data Quality Management
Guideline 63. Implement Master Data Quality Management
Guideline 64. Preventive measures to foster the quality of master data
Guideline 65. Improvement of master data quality
C.1.3. Master Data Architecture, Design and Implementation
Guideline 67. Architectures for master data systems
Guideline 68. Implementation of master data systems
Guideline 69. Master data system interoperability
Guideline 70. Security and privacy of master data
C.2. ICT-based Implementation of International Social Security Agreements
C.2.1. Governance and Management
Guideline 71. Governance and management of the ICT-based implementation of international agreements
Guideline 72. Strategy and action plan
Guideline 73. Administrative principles for the main operations and resources of the agreement
C.2.2. Architectures
Guideline 74. International architecture
Guideline 75. National architecture
Guideline 76. Institutional architecture
C.2.3. Interoperability for International Agreements
Guideline 77. Interoperability framework for international agreements
Guideline 78. Semantic interoperability
Guideline 79. Interoperable services
C.2.4. Security and Authentication for International Agreements
Guideline 80. Authentication framework
Guideline 81. Model for implementing authentication of transactions in the institutions
Guideline 82. Security policies and measures for transactions and digital certificates
Guideline 83. Enforcing data protection in transactions and in digital certificates
C.2.5. Operational Processes and Information Models
Guideline 84. Operational processes related to the scope of the agreement
Guideline 85. Processes related to notifications of changes and concerning other relevant information
Guideline 86. Information models of the data exchanged
C.2.6. ICT Operations of the International Agreements
Guideline 87. Service levels for the agreement
Guideline 88. Setting up and managing the ICT operations for international social security agreements
C.3. eHealth – ICT Application in Healthcare
Guideline 89. Framework on eHealth: ICT policy, strategy, and regulations for healthcare
Guideline 90. ICT-based implementation of healthcare services in management and support functions
Guideline 91. Electronic health record system
Guideline 92. eHealth interoperability at institutional, national and international levels
Guideline 93. The application of mHealth
Guideline 94. Provision of telehealth – The practice of medicine at a distance
Guideline 95. The use of social media to communicate on health related matters
Guideline 96. Potential uses of emerging technology, big data and new data sources
Guideline 97. Specific data protection and privacy considerations
Guideline 98. Permanent evaluation of ICT health applications and services
C.4. Implementation of Social Security Business Processes
Guideline 99. Institutional business process model for social security processes covering different schemes
Guideline 100. Registration as a common process to all schemes
Guideline 101. Contribution collection as a common process to all schemes
Guideline 102. Receiving benefit applications through a common process
Guideline 103. Control and adjudication of long-term benefits
Guideline 104. Control and adjudication of hybrid benefits
Guideline 105. Control and adjudication of short-term benefits
Guideline 106. Payment as a common process to all the schemes
Guideline 107. Appeals and complaints management as a common process to all schemes with specialized approaches for different types of users
Guideline 108. Permanent evaluation through a connection between business processes and key performance indicators

The institution establishes an information security management framework which defines the main procedures, duties and responsibilities in this domain.

ISSA Guidelines:

Information and Communication Technology

ISSA Guidelines:

Information and Communication Technology

Information and Communication Technology -
Guideline 36. Management framework for information security

Information and Communication Technology - Guideline 36. Management framework for information security

Information and Communication Technology

Information and Communication Technology -
Guideline 36. Management framework for information security