Privacy policy

Mng / Eng

I. Introduction

The purpose of this Privacy Policy is to provide clarity on how the "Risk Assessment System and Mobile Application" collects, processes, and uses user data. It aims to ensure the integrity and confidentiality of users' personal information, improve operational efficiency, facilitate communication with users, and support secure and reliable functionality.

II. Information Stored in the System

The Information Security Department (ISD) utilizes this system to assess and mitigate cyber risks of organizations related to critical information infrastructure and government networks. This includes identifying vulnerabilities, evaluating cyber threats, determining risk levels, and providing recommendations to enhance cybersecurity. The system also enables rapid reporting of cyber incidents.

III. Data Collection and Usage

Authorized users from organizations connected to critical information infrastructure or government networks may log in to the system or application to input data related to their IT resources, systems, networks, and equipment. Additionally, they can report cyber incidents. User data is used for the following purposes:

  • Assessing the organization's risk level of cyber threats and generating reports or recommendations.
  • Delivering security alerts, producing statistical reports, and fulfilling legal obligations.
  • Detecting, preventing, and mitigating cyber threats to ensure cybersecurity.

IV. Data Sharing and Disclosure

The ISD will not share or distribute registered information from the risk assessment system or application to third parties without the organization's consent. Data will not be used for purposes other than those outlined in this Privacy Policy.

V. Information Security

The ISD is committed to safeguarding user and organizational data from external and internal threats that intentional or accidental. It adheres to laws and regulations such as the Cybersecurity Law, the Law on State and Official Secrets, the Law on Personal Data Protection, and other relevant legal frameworks in Mongolia.

However, users are responsible for protecting their own information. Sharing login credentials is prohibited, and the ISD will not be liable for damages resulting from unauthorized access due to credential misuse.

VI. Amendments to the Privacy Policy

The ISD reserves the right to modify this Privacy Policy. Any changes will be published on the official website www.isd.gov.mn and will take effect immediately upon posting.

VII. Contact Information

For questions, clarifications, or suggestions regarding this Privacy Policy, please contact us via email at info@isd.gov.mn or by phone at [+976 9226 1009].