The Directorate of Labour’s security policy

1. The Directorate of Labour’s information system is securely managed with the goal of fulfilling the directorate’s legal obligations and ensuring that the information is correct, available and confidentiality is maintained.
   
   
2. The Directorate of Labour's security policy applies to all its operations.
   
   
3. All employees of The Directorate of Labour and its partners must abide by this policy, encourage others to abide by it and make comments on security anomalies where applicable.
   
   
4. The Directorate of Labour guarantees knowledge of the policy and information security by making it accessible and providing training in the matter.
   
   
5. The information technology board aims to fulfill the directorate’s legal obligations and its duties according to law on data protection. To achieve these goals the directorate will create a formal risk management procedure based on ISO/IEC 27005:2011 as well as looking at ISO/IEC 27001-2013 on information security management systems and to ISO/IEC 27002/2013 on practices for management of information security.
   
   
6. More details on how the policy will be implemented are in the documents “Risk management procedure of information technology” and “Information security management systems”.
   
   
7. The information security administrator is responsible for following the policy.
   
   
8. The Directorate of Labour’s Director General is responsible for the policy, and reviews it every two years if necessary.