NIS 2 in the municipalities

This section deals specifically with municipalities.

Municipalities must comply with the NIS 2 law on cybersecurity, but what does that mean?

To cut to the chase, here are three points you should pay attention to:

1) You need to know what it means to ensure a high level of cybersecurity 

2) You must know that the board of directors is responsible, and that the board of directors must manage the effort

3) You must be able to identify, assess and manage risks, for example, vulnerabilities in the municipality's IT systems

Municipalities must therefore strengthen their work with cybersecurity. This is primarily about protecting the IT systems and the data that the municipality uses to make decisions and deliver services to citizens.

 Municipal activities should not stop because of a cyberattack. And if the worst happens, municipalities should be able to quickly resume their activities so that citizens are not let down.

 The responsibilities of the municipal executive board mean that new tasks will arise in the coming years. This applies in particular to the following:

  1. The management must establish policies for what the municipality's organization must do in terms of ensuring an appropriate level of cybersecurity.
  2. The management must appoint new roles and/or strengthen existing ones so that the established policies can be adhered to in daily life.
  3. The management must ensure that the rest of the organization identifies cyber risks and presents them to the management, which then decides whether they can be accepted or must be addressed.
  4. The executive board must ensure that both technical and organizational capabilities are strengthened, including the ability to respond effectively to incidents through established policies.
  5. The management must ensure that critical suppliers have and continuously maintain a high level of information security.
  6. The executive board must agree that the work must be planned on an annual basis, and that there must be ongoing follow-up on whether the policies are being complied with, so that the executive board always has an up-to-date picture of the cyber risks that the municipality has chosen to live with.

In short, the municipality's cybersecurity efforts run from the municipal executive's policies down through the administration and, since the municipalities are so digitalized, to a large extent out to the suppliers via tenders, and then back to the executive in the form of risk assessments. The executive must continuously know whether there is an appropriate level of cybersecurity that protects citizens' information and data.

Most municipalities already have a good handle on cybersecurity, for example if they work systematically and broadly with the ISO 27001 standard. However, in the coming years, it can be expected that a number of municipalities will need to strengthen existing efforts.

We are happy to help you from start to finish - we are on the SKI agreements 02.14 (direct) and 02.15 (EPICO as consortium holder)


Contact Unitas – your partner in security and compliance

Unitas provides reliable advice in compliance, IT and information security. With a pragmatic approach, we help companies in regulated industries manage security and operational responsibility effectively. Contact us to discuss how we can help you.
