The Directorate of Labour’s security policy
- The Directorate of Labour’s information system is securely managed with the goal of fulfilling the directorate’s legal obligations and ensuring that the information is correct, available and confidentiality is maintained.
- The Directorate of Labour’s security policy applies to all its activities.
- All the directorate’s employees and partners must abide by this policy, encourage others to abide by it and make comments on security anomalies where applicable.
- The Directorate of Labour guarantees knowledge of the policy by making it accessible and providing trusted information.
- The information technology board aims to fulfill the directorate’s legal obligations and its duties according to law on privacy. To achieve these goals the directorate will create a formal risk management procedure based on ISO/IEC 27005:2011 as well as looking at ISO/IEC 27001-2013 on information security management systems and to ISO/IEC 27002/2013 on practices for management of information security.
- More details on how the policy will be implemented are in the documents “Risk management procedure of information technology” and “Information security management systems”.
- The information security administrator is responsible for following the policy.
- The The Directorate of Labour’s Director General is responsible for the policy, and reviews it every two years if necessary.