DEN DIG Cyber Security Standard

Published on: Sep 24, 2023

On Sep. 20, DEN DIG updated on implementation of ISO 27001.

  • DEN DIG said all government authorities must implement new version of security standard ISO 27001, which deals with measures for information security.
  • Follows Feb. 2023, ISO commented on use of ISO/IEC 27001 standard, see #162248.
  • Transition Period
  • From release in Sep. 2023, authorities have 1.5 years to implement updated standard.
  • New version freely available to state authorities, organizations, institutions noted in Finance act, and also companies in which state owns majority stake.
  • New standard includes: security committee decides whether updates change the organization's risk outlook; SOA document updated, new measures added/deselected.
  • New measures described, documented; internal policies, procedures, guidelines updated; dialogue with suppliers on changes to existing contractual conditions, data processing agreements and associated operating processes, re updated ISO 27001.
  • Effectiveness
  • Implementation deadline of Apr. 1, 2025.
Regulators
DEN DIG
Entity Types
Corp
Reference
PR, 9/20/2023; ISO 27001
Functions
BCS; Compliance; Cyber; Operations; Outsourcing; Risk; Technology
Countries
Denmark
Category
State
N/A
Products
Corporate
Rule Type
Final
Regions
EMEA
Rule Date
Sep 20, 2023
Effective Date
Apr 1, 2025
Rule ID
185538
Linked to
Rule :162248
Reg. Last Update
Sep 20, 2023
Report Section
EU