Data security and positions with access to confidential information Read full text in English
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies. The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO) is the foundation of the second part (positions with access to confidential information). Only four of the organizations we have audited show an acceptible level of compliance with the 2007 Civil Service Data Information Security Decree, eight organizations show scope for improvement and nine organizations show an unsatisfactory level of compliance with the 2007 Civil Service Data Information Security Decree. When it comes to the audit on positions with access to confidential information almost all organizations show ommisions in compliance to the Security Screening Act. Only the ministry of Defence complies.
- It is not clear who is responsible for which data systems and data chains
- No regular reviews of data protection policy have been planned or performed.
- Vulnerability to next hack attacks.
- There is no clear picture of the security risks associated with information systems.
- the overall package of reliability requirements and security measures is not reviewed at regular intervals.
- Vulnerability to next hack attacks.
- At most ministries, a number of positions with access to confidential information are held by staff who have not been vetted in advance by the General Intelligence and Security Service.
- Lack of a complete set of records of positions with access to confidential information.
- Risk of acces to confidential information or vital objects by unauthorized persons.