Organisation

Identification

Before commencement of processing activities all individuals working with data and systems have been identified using a nationally issued Identification Document or through a trusted federated identity provider.

Screen lock

When a workstation is left unattended, the session/screen is locked automatically after a maximum of 15 minutes and the user prompted for re-authentication.

Local privileged accounts

Regular end-users do not have privileged access to endpoints continuously, including but not limited to the ability to modify organisationally managed system settings, changes to environment variables, directly modify the...

Anti-Malware protection

Preventive, detective and corrective measures are in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (e.g., viruses, worms, spyware,...

Scripts and Executables

Unless necessary for executing job responsibilities, by default user endpoints do not allow the execution of scripts and executables. If the function necessitates this access, it will be documented and...

Printing Data-Leakage Prevention

Printing services are appropriately protected: Printers are kept separate from the public internet. Printing requires authentication before printing. No repeating printing statements. Documents are stored encrypted and for as short...

Communicating about incidents

After incidents, the organisation communicates openly and truthfully to affected parties/subjects, without creating additional security risks to the organisation itself. After (potential) major incidents, the evaluation and lessons learnt will...