
Information Security Policy

Version: 1.0  

Effective Date: July 25, 2025

1. Purpose  

This policy establishes the framework for managing information security within NIICA, ensuring the confidentiality, integrity, and availability of information assets in compliance with ISO/IEC 27001:2022.  

 

2. Scope  

This policy applies to all employees, contractors, and third-party users who access or manage NIICA information systems, data, and infrastructure.  

 

3. Objectives  

  • Protect information assets from unauthorized access, disclosure, alteration, and destruction.

  • Ensure compliance with legal, regulatory, and contractual obligations.

  • Promote a culture of security awareness and responsibility.

  • Support the implementation and continual improvement of the Information Security Management System (ISMS).

 

4. Information Security Principles  

  • Confidentiality: Information is accessible only to authorized individuals.  

  • Integrity: Information is accurate, complete, and protected from unauthorized modification.  

  • Availability: Information and systems are accessible when needed.  

 

5. Roles and Responsibilities  

  • Senior Management: Provide leadership and resources for the ISMS.  

  • Information Security Officer: Oversee ISMS implementation and compliance.  

  • Employees and Contractors: Follow security policies and report incidents.  

 

6. Risk Management  

Risks to information assets shall be identified, assessed, and mitigated through a formal risk management process. Controls shall be selected based on risk treatment plans aligned with ISO 27001 Annex A controls.  

 

7. Access Control  

Access to information systems shall be granted based on the principle of least privilege and role-based access. Authentication mechanisms shall be enforced.  

 

8. Incident Management  

Security incidents must be reported immediately. A formal incident response process shall be followed to contain, investigate, and resolve incidents.  

 

9. Compliance and Audit  

Regular audits shall be conducted to ensure compliance with this policy and ISO 27001 requirements. Non-compliance shall be addressed through corrective actions.  

 

10. Policy Review and Updates  

This policy shall be reviewed at least annually or upon significant changes to the organization or regulatory requirements.

1333 Ashton Rd.

Hanover, MD 21076

© 2026 The National Institute for Industry and Career Advancement. All Rights Reserved.

The National Institute for Industry and Career Advancement (NIICA), formerly known as the National Institute for Innovation and Technology (NIIT), the leader in building the nation's talent pipeline in semiconductor and advanced manufacturing, is in no way affiliated with the National Institute of Information Technology. If you are looking for more information about the National Institute of Information Technology, visit www.NIIT.com.
