Operationalising information security

Since January 2014 all government institutions in Denmark have been obliged to follow the international standard for Information Security ISO/IEC 27001.

ISO/IEC 27001 is an international standard on how to manage information security. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).

In order to secure and strengthen the information security level across government institutions, these are required to report progress on implementation of the ISO 27001 standard and a set of technical minimum requirements bi-annually to the Danish Agency for Digital Government.

ISO maturity reporting

Following the National Strategy for Cyber- and Information Security the government decided to further strengthen the focus on all of the government institutions implementation of the ISO/IEC 27001 standard. Therefor the Danish Agency for Digital Government is responsible for an annual measurement of the implementation of the ISO/IEC 27001 standard to see how far the institutions are with the implementation. The government institutions that have not fully implemented the standard will have to complete a plan of action for them to obtain the full implementation.

Technical minimum requirements

In the National Cyber- and Information Security Strategy 2018-2021 it was decided that the state authorities must comply with a number of technical minimum requirements for security in ICT solutions in order to ensure a high common level of security in the Danish state.

As part of the National Cyber- and Information Security Strategy 2022-24 the technical requirements have been evaluated and expanded with new requirements, in line with the technical development, for the state authorities to follow.

Read more about the National Cyber- and Information Security Strategy