Status survey for ISO 27001

26-03-2018

In 2017, the Danish Agency for Digitisation conducted a survey on the implementation of ISO 27001 by central government authorities. A total of 87 authorities participated in the survey.

The aim of the survey was to identify the areas that require additional measures to support central government authorities in their implementation of the security standard ISO 27001.

Furthermore, the government is about to present a new strategy for cyber and information security. The strategy will include initiatives to help ensure that central government authorities improve their work on information security.

The conclusion of the survey is as follows:

  • Good support from management but large dispersion in maturity on several parameters.
    The result of the survey confirms that there is a large dispersion in the maturity of work on information security. A large percentage of respondents (67 per cent) consider management support to be good, and this is confirmed by the fact that few indicate that there are challenges within this area.

  • Room for improvement.
    With respect to improvement, the survey shows that work on risk assessment and supplier management in particular is less mature and is generally considered more challenging. There is a need for more external support and guidelines in these areas. The same applies to work on contingency plans, and in this context, exercises and tests are considered especially difficult.

  • Another important conclusion from the survey is that few of the respondents state that they fully perform evaluation and follow-up on their information security work. For example, very few respondents evaluate the actual level of awareness in the organisation. In relation to this, the survey also shows that work on plans for security activities is immature.

Read the results of the survey (in Danish)

Background for the status survey for ISO 27001

The government’s decision in 2014 requires that government authorities comply with the ISO 27001 international security standard by the beginning of 2016.

The key to improving cyber and information security in Denmark is to secure systematic and standardised work within the area through implementation of the ISO 27001 security standard. The Danish Agency for Digitisation has prepared guidelines and tools to ease the work by central government organisations on introducing and implementing ISO 27001 and to create an understanding of the principles of the ISO standard in general.

Read more about ISO 27001 and associated work here