Certificate for Information security management system based on ISO / IEC 27001: 2013 international standard in the scope of information and communication activities of the Data Center for Business Support to the City of Rijeka was given to Deputy Mayor Marko Filipović by Drago Goić, director of SGS Adriatica Certification Center.
The data center combines information city administration systems, utilities and institutions processes and stores huge amounts of data, which often fall into the category of personal data so it is extremely important to implement the appropriate level of protection. The Data Center includes a wide range of services, such as city cards, unified billing of housing costs, information services for citizens or city treasury, which require consistent service availability. Data must at all times be accurate, accessible, and secure from unauthorized access to service delivery.
“This certificate has confirmed the effective implementation of the information security management system at the Data Center of the City of Rijeka and represents a step forward in aligning with the General Data Protection Regulation, known as GDPR, as one of the most important topics in EU and at global level,” said Deputy Mayor Filipović, pointing out that the security of personal data is being given great attention to in the city administration, since much of this data relates to the citizens and companies with which the city operates. Head of Computer Science Institute Željko Jurić pointed out that the Data Center of the City of Rijeka is the most complex information system out of all local self-government units in Croatia, a heart that keeps all data and business processes of city administration and budget users. Well aware of the importance of keeping data in a cloud computing environment from unauthorized access, the City of Rijeka has been investing in information security for many years. The project of establishing an information security management system City of Rijeka realized with its own forces and the certification house conducted the audit. SGS Adriatica Director Goić thanked the City of Rijeka for selecting this certification house for the audit, pointing out that the City of Rijeka is among the few institutions and companies in Croatia that are able to independently organize the information security system.”Currently in Croatia, around 90 companies are certified according to ISO / IEC 27001: 2013 standard , and the City of Rijeka is, after Pula, another unit of local self-government that implemented the ISO standard,” Goic said, adding that the certificate is valid for three years and envisages annual system implementation checks, ranging from the introduction of improvements to how the City of Rijeka faces risks of data security. Head of the information security management system project Danijel Antonić, said it was not about information technology but information security, which implies the security of business processes, human resources, technology and data. The data center is an extremely complex system and the computer cloud is exposed to a cyber attack, putting at risk 85 000 city cards issued by the system. Any work interruption of the Data center work process leads to termination of a number of city services, like charging public transport, charging parking and monitoring the energy consumption. The security management system will continue to be enhanced, and under the constant threat of cyber attacks the main goal is to ensure the continuity of an advanced local e-government that will use the information-communication technology to respect and protect the rights of citizens and their privacy and personal data while providing maximum access to public services and information. The city of Rijeka has long ago recognized the importance of new technologies, often pioneered a number of IT solutions – from the development of the Rijeka’s information integral system, the use of electronic signatures, “smart” traffic lights to a number of innovations on the web portal, smart city cards and GIS portals. Modern information technology solutions, with the aim of ensuring efficient city system management while providing better quality services to citizens, are now integrated into the concept of a so called Smart City.