Requirements for Cybersecurity BASIC
– according to issue SSF 1101
The applicant must be a legal person and the company’s client declaration must be signed by an authorised company signatory.
Examples of various requirements
- Strong passwords for user accounts on computers and mobile units.
- Activated encryption of storage space on computers and mobile units where possible.
- Back-up copying of information to the extent determined by the operation.
- Software to protect against malicious code on all computers and mobile units which may be connected to external networks.
- Decisions regarding, and the extent to which, personal equipment may be used in the organisation.
- One or more network units with firewall functionality installed between the company’s internal and external networks.
- Encrypted wireless networks which are protected by a secured protocol and strong password or certificate.
- Legally binding agreements between you and relevant providers when you use external IT services and cloud services.
- New password implemented immediately upon suspicion that the password has become known to someone other than the user.
- All employees undergo basic training in information security in the form of Computer Supported Information Security Training for Users [DISA – Datorstödd informationssäkerhetsutbildning för användare] (Swedish Civil Contingencies Agency).
Advantages of certification
- Shows that you are in control of your IT security and take information security seriously.
- Provides solid protection against the most common types of cyber threats.
- Certifies that your personnel have undergone basic information security training.
- Shows that you have the conditions for protecting personal data in accordance with the GDPR.
- Provides a certificate and certification mark with substantial market value.
- Enhances confidence in your organisation on the part of customers, cooperation partners and standards authorities.
The certification process
- You apply for certification in our customer portal.
- In order to ensure that you meet the requirements, you complete an extensive questionnaire (a client declaration).
- We perform an assessment and follow up on the replies in the form and request that you supplement them as necessary.
- You affirm the accuracy of your answers formally through an authorised company signatory.
- We issue a certificate which is valid for three years.
- During the period of validity, we may conduct spot checks to ensure that you continue to fulfil the requirements of the norm.