AUTHORITY REQUIREMENTS. Due to new mandatory regulations regarding information security in government agencies, the University of Gothenburg is currently taking an inventory of the information systems used in its operations. Research leaders are asked to indicate which systems are used in a web-based form. Deadline is July 1st.
- You find the form here: https://forms.office.com/r/tjjGmm0wL0
- Questions? Contact Mathias Arkeklint, IT coordinator at the Institute of Medicine: email@example.com or 0701-46 40 08
The University of Gothenburg is working on a GAP analysis where the security of the systems we have is compared to the security we are expected to have according to MSB’s rules. This analysis then becomes a basis for possible measures to increase safety.
On October 1st, 2020, updated rules came into force for government agencies’ information security that affects the university. The new requirements in the regulations are much stricter and more detailed than the previous revision and are in line with the Government’s assignment to the Swedish Civil Contingencies Agency, MSB.
MSB’s regulations include requirements for safety measures to:
- Ensure that staff process information securely
- Make it difficult for unauthorized access to information on the authority’s premises
- Manage incidents and events
- Maintain continuity during incidents and crises
Several new regulations
In parallel with these updated requirements, completely new regulations on security measures in information systems for government agencies enter into force. Here, MSB clarifies security measures that the authority must take in its technical IT environment and that a risk analysis must be carried out to assess whether additional security measures should be introduced.
The regulations contain basic provisions on, among other things, documentation of the IT environment, which requirements must be assessed in the development, purchase and procurement of information systems, as well as requirements for control that selected security measures meet the needs. In addition, special requirements for safety during operation and management are described.
BY: ELIN LINDSTRÖM