In 2013, the ITL administrator initiated the security working group. The working group established
objectives and made plans to adopt the ISO/IEC 27001 standard for managing the security of information assets
within the systems supporting emissions trading under the Kyoto Protocol, as recommended in the 2012
report of the ITL administrator (562 kB) .
The objectives of the working group are to raise the awareness of all stakeholders involved in emission
trading under the Kyoto Protocol of the need for information security and to ensure a comprehensive approach
to information security management.
The working group initiated its work by defining and valuating the assets in the scope of securing emission
trading related information. Based on the agreed scope, the working group analysed known threats and
vulnerabilities, and agreed on a baseline of controls.
Following guidance provided by SBI 40, the security working group conducted a registry-specific and
quantitative risk assessment which confirmed varying levels of maturity of information security in the
registry systems. Currently, the security working group is in the process of preparing a proposal for
implementation of further security controls, including the related resource requirements. The proposal will
be finalised for consideration by SBI 42 in June 2015.