PORTNET public Limited Company, The National Single Window for Foreign Trade Procedures allows the dematerialization and processing of authorizations, permits, certificates, customs documents or other documents issued by the State competent authorities through its information system interconnected with the information systems of several partners, State or other public or private stakeholders for the conduct of import and export operations in general.
In order to carry out its mission, PORTNET Public Limited Company collects, conserves, processes, exchanges, uses and disseminates information in several forms. The legal, administrative, or economic value of this information and its importance in Morocco's foreign trade chain justify its adequate protection and appropriate use throughout its life cycle.
For this purpose, PORTNET Public Limited Company has put in place its General Information Security Policy which sets out the perimeter, the principles of implementation and the responsibilities of the actors concerned, in order to achieve the above mentioned goals.
Information Security Goals
PORTNET Public Limited Company undertakes to put in place the measures to ensure appropriate protection of information and information assets from all threats, whether internal or external, accidental or deliberat in order to ensure the main goals of information security:
• Compliance with applicable laws, decrees, guidelines, regulations and the best practices in information security;
• Availability of information and information assets;
• The integrity, confidentiality and traceability of data and information which are produced, collected or exchanged with partners and customers of PORTNET Public Limited Company.
Principles of implementation
PORTNET Public Limited Company. has adopted the ISO / IEC 27001 standards as a reference for good practices in information security and the application of the National Information Systems Security Directive in order to achieve the expected goals of protection by defining 4 principles of implementation:
• The leadership and commitment of senior management in the management of information security within PORTNET Public Limited Company.;
• Assignment of responsibilities and authorities for governance and management of information security;
• Effective, regular and proportionate management of risks and opportunities related to information security;
• Implementation, monitoring, evaluation and continuous improvement of the Information Security Management System.
Scope of application
The general information security policy applies to the information and information assets of PORTNET S.A. whether located at its premises or at the premises of a service provider or a partner and irrespective of their form and support.
Any activity involving the exchange, production, use, communication or preservation of information or information assets belonging to PORTNET Public Limited Company is covered by this policy.
This policy is intended for anyone who has access to information and information assets of PORTNET PLC regardless of employment status, including contract employees, subcontractors and external users as well as all partners, suppliers or other stakeholders.
The implementation of this general information security policy requires the involvement of all PORTNET PLC employees as well as all the stakeholders of PORTNET PLC: partners, port and trade communities, banks, external users, suppliers and subcontractors.
The Information System Security Officer is responsible for the implementation of this policy and for the establishment, implementation, maintenance and continuous improvement of the safety management system Information of PORTNET PLC.