The Ministry of Defence has certified its Information Security Management System under the ISO/IEC standard

The Ministry of Defence of Ukraine has successfully passed certification of its Information Security Management System, achieving compliance with the national standard SSU ISO/IEC 27001:2023 (ISO/IEC 27001:2022).

This internationally recognized standard for information and cybersecurity is designed to establish security processes and measures as a cohesive, continuous system within an organization, based on a risk-oriented approach and the principle of continual improvement. 

The Ministry of Defence is the first among Ukrainian ministries to implement an information security system aligned with these standards. The preparation process took two years, with the assessment conducted by independent external auditors and a reputable certification body.

The ISO/IEC 27001 standard comprehensively covers all security processes and measures. It facilitates the implementation of cybersecurity policies and robust security tools, allowing for the control and mitigation of current risks. The certification currently extends to the IT sector units and the systems supported by the Ministry of Defence’s IT sector. Future steps include expanding its scope to other units and systems within the Ministry of Defence framework.

“A comprehensive approach to cyber resilience is only possible through adherence to leading international standards and best practices. This is crucial not only for our security but also for maintaining the trust of our partners. At a time when our cybersecurity legislation is being updated, the Ministry of Defence is taking the lead. We hope others will follow suit soon, and we are ready to collaborate,” said Kateryna Chernohorenko, Deputy Minister of Defence for Digital Development.