Data security in the Philippines is only growing stronger, thanks to the companies that hold it with utmost importance. One of the main drivers to this undertaking is the Republic Act No. 10844, which stipulates that the Department of Information and Communications Technology (DICT) must warrant the security of Critical Information Infrastructure (CII).
What is Republic Act No. 10844?
Also known as the Department of Information and Communications Technology Act of 2015, Republic Act No. 1044 of the Philippines was created in recognition of the significance of information and communication in nation-building and global competitiveness.
Areas of focus include policy and planning, resource-sharing, consumer protection, and industry advancement.
The act states, among other declarations, in its policy to guarantee:
- Information and communications technology (ICT) infrastructure, systems, and resources that are not only reliable and cost-efficient, but also citizen-centric
- Universal availability and accessibility of affordable, secure, and quality ICT services
- Development and convergence of emerging ICT and ICT-enabled facilities
- Promotion of digital literacy and ICT expertise to contend in the evolving digital age
- Recognition of the people’s rights to privacy, confidentiality of personal information, and consumer welfare and protection
- Security and safeguarding of critical information, including, but not limited to, assets of individuals and businesses
- Promote and foster the growth of the ICT sector
To make certain that entities with information assets comply with the requirements of data privacy and consumer protection, the National Cybersecurity Plan (NCSP) 2022 was published in May 2017. The Implementation Plan requires carrying out cyber resiliency measures and conducting the Security and Protection Assessment to serve as the official reference for all CIIs.
Keeping Businesses and Individuals Secure
With the growing dependencies on ICT comes the responsibility of making CIIs trusted and secure, as failure to do so can cause direct and significant consequences to the safety and security of the people.
The increase of the interconnectivity between cyberspace and physical space is bigger than ever, and so are the number of personal data breaches. Phishing, targeted information stealing, and illegal money transferring are only a few examples of the risks associated with enterprises that utilize ICT. As such, it cannot be denied that cybersecurity incidents are becoming a serious social concern.
It is crucial for both businesses and the government to take precautionary measures and conduct procedures to address potential threats. Thus, in accordance with the law, and to help improve cyber resiliency, the assessment for security and protection includes Vulnerability Assessment and Penetration Testing (VAPT) and Information Security Management System (ISMS).
Applying entities must send a letter of intent to the Assistant Secretary for Cybersecurity and Enabling Technologies, submit their company profile, and show relevant accreditation from local or international bodies to be a recognized under the Bureau.
AltPayNet has the capacity, credentials, and expertise to provide Vulnerability Assessment and Penetration Testing (VAPT) and Information Security Management System (ISMS).
Globally competent entities that use information and communications technology must uphold the cybersecurity laws of the countries they conduct business with as proof that they legitimately take measures to ensure data privacy and security not only to the government, but also to their users and consumers.
At AltPayNet, we understand the ramifications of data breaches. We treasure the trust bestowed upon us by the people who use our products and services. Thus, it is our utmost priority to keep all information secure as a company recognized by the Bureau.
We operate by our Cybersecurity Services and Solutions mission: “We extend our services and solutions to our clients to improve their infrastructures and practices through consulting, technology deployment, assessment and audit with wide array of solutions such as PCI DSS, ISO/IEC 27001, PA DSS, IS Audits, GDPR, ISO 22301, HIPAA, Cyber Security, MPAA, HITRUST, FedRAMP, SOC, CMMI).
We also offer in areas covering Risk Management Services (Enterprise Risk Management, Business Impact Analysis, Network Security Review Systems/Server Security Review, VAPT & Application Security Assessments), and Management System Services (Quality Management System, Environmental Management System, OHSAS).”