National Database and Registration Authority (Nadra) has assured the citizens of Pakistan that their data is fully secure, and no incidents of data breach have ever been recorded to date, Nadra spokesperson stated this in a statement issued here on Monday.
The spokesperson also highlighted that under the directions of Chairman, Tariq Malik, Nadra has established information security department charged with evaluation and mitigation of external and internal security threats. Nadra employs proactive means of protecting citizen data stored in the National Data Warehouse, adding that confidentiality, integrity and availability of data lie at the heart of the systems, policies and procedures that govern the transmission of data. Nadra has deployed new technology tools to safeguard citizens against identity theft and to protect documents against alteration and forgery. Spokesperson said that the authority after having analysed through the behavioural trends of the data has become more vigilant and routinely takes notice of suspicious attempts to obtain CNICs through the use of fake documents. It instantly investigates such cases to hand over correct information to staffers.
Nadra, which recently announced having successfully registered 92 million citizens with their biometrics, enforces information security standards and policies and employs Information Security certified specialists with decade long experience. The IS department does periodic penetration testing, data center security audit, network security audit and physical security assessments. Each and every transaction in ID card processing is recorded and logged and it can be traced back that who touched whose CNIC during or post processing. Employees of Nadra have been trained how to protect privacy of the citizens and they know that breaching organisation information or citizen's trust would trigger strict disciplinary action. Chairman Nadra, Tariq Malik just announced his zero-tolerance policy in this regard.
The spokesperson added that internal security is just as crucial to Nadra, and the organisation has lived up to its role as a pioneer of cutting-edge security solutions in the country and world-wide, implementing information security strategies, processes and protocols that ensure complete confidentiality, integrity and availability of data. It is this unflinching resolve that has enabled Nadra to achieve "CMMI Maturity Level III" from the US-based Carnegie Mellon Software Engineering Institute (SEI) after rigorous appraisals in activities relating to project management, technology, development and quality management.
An ISO 27001-certified directorate, the Nadra network department as well as the services and applications it hosts are fully secured as per International Organisation for Standardisation (ISO) regulations. A wide range of security procedures have been adopted to safeguard Nadra network including but not limited to physical security, firewall, intrusion detection and prevention systems, Syslog Servers, antivirus and anti-spam tools, and network protocol analyser. After reviewing the responses on questions related to security of citizen's data, Transparency International also announced that citizen's data is safe in Nadra's National Data warehouse. The spokesperson noted that it is because of Nadra secure data center and security locked National Dataware house that other institutions have also hosted their sensitive data and servers in Nadra as well.-PR