v2.0 (Q1 2024)

Authentication through organisational identity

End-user authentication for applications takes place through a trusted Identity Provider for anyone with access to organisational data. The organisation has a defined relationship with individuals that have been given...

Secure behavior

The organisation has a coherent awareness program that identifies the knowledge relevant to information security various stakeholders must have, the ways to measure the current level of knowledge, and includes...

Team capacity monitoring

Teams plan to have sufficient capacity to execute important tasks, also during holidays. There is monitoring on the capacity of the team and structural understaffing gets flagged and addressed. There...

Non-Disclosure Agreements

When working with sensitive information, individuals are required to agree with and sign a non-disclosure agreement (NDA). At a minimum the NDA specifies how the individual should handle the sensitive...

Staged warning model

The organisation has a policy for disciplinary action and inappropriate handling of information. Police reports will be filed when willfully breaking of the law or actions with criminal intent are...

Background Check

Before commencement of processing activities background checks are performed for all individuals working with sensitive data and systems to determine integrity and suitability for the tasks and ensure secure behaviour....

Identification

Before commencement of processing activities all individuals working with data and systems have been identified using a nationally issued Identification Document or through a trusted federated identity provider.