Information security

The National Paying Agency (NPA) has long-standing experience in ensuring the protection of personal data and the security of information. The NPA Information Security Management System (ISMS) is certified in accordance with international standards, and the Agency continuously enhances its security measures in response to evolving security risks. A comprehensive annual risk assessment is carried out, and its results serve as the basis for improving preventive, technical, and organizational security measures.

Data subjects whose personal data are processed by the NPA may exercise their rights in accordance with the Procedure for the Implementation of Data Subject Rights at the National Paying Agency under the Ministry of Agriculture, approved by Order No. BR1-64 of 28 February 2017 of the Director of the National Paying Agency under the Ministry of Agriculture.

To ensure a high level of service quality and security, the NPA applies strict information security and confidentiality requirements to internal processes as well as to service providers. Service providers’ activities must comply with the requirements established in the NMA Information Security Policy and ensure conformity with the legal acts of the Republic of Lithuania.

NPA Information Security Management System – Certified

In order to ensure the security of the information and information systems under its management, the NPA has implemented an Information Security Management System.

The ISO 27001 standard represents recognised best practice in the field of information security. It is also harmonised with the ISO 9001 standard, which enables the NPA to maintain integrated Information Security and Quality Management Systems. The certificate confirming compliance with the requirements of ISO 27001 is valid for three years (subject to annual surveillance audits), after which the ISMS must be recertified.

A recertification audit conducted in June 2024 confirmed the continuity of the ISMS certification, which has been maintained since 2009. No issues were identified during the audit. The NPA was certified in accordance with the current version of the international ISO/IEC 27001:2022 standard.

The certificate attests to the effectiveness of the NPA’s Information Security Policy, the implementation of the principles of confidentiality, integrity, and availability, and the proper operation of the NPA’s information systems. This strengthens stakeholder confidence in the Agency and promotes the provision of services that meet the requirements of the standard.

 

Last updated: 03-04-2026