Information security in Saxony


Saxon Information Security Act

Last year, the Saxon Information Security Act was passed. The aim of the law is to improve information security in the Free State of Saxony. Now that a bit of normality is gradually returning to the daily lives of citizens, projects related to information security can be continued or reconsidered.

The Corona crisis understandably pushed this issue far into the background at first. People’s lives and health are simply more important than data!

Nonetheless, if feasible, the topic of “security of confidential information” should gradually come back into focus. For this reason, we have compiled the basics of the law in this information letter to provide municipalities with an easy introduction to the subject.


1. Appointment of an Information Security Officer

Each municipality should appoint an Information Security Officer by December 31, 2020. This can be an internal employee who should have available resources and the necessary expertise. If no internal employee is available, according to the Saxon Information Security Act, you may also appoint an external Information Security Officer. This person should not be located too far away, so that they can get an on-site impression of the implementation status of the information management system if necessary.


2. Information Management System

To emphasize the importance of information security to all employees and stakeholders, the Saxon Information Security Act recommends that non-governmental entities align themselves with the modernized IT Baseline Protection Compendium of the Federal Office for Information Security (BSI). This compendium provides structured, pre-prepared modules for each IT system according to the expected risk level. Among other things, every municipality should have:

  • Trained/sensitized employees
  • A risk analysis
  • A process for reporting incidents
  • Securely configured IT systems


That sounds like quite a bit of work at first. But Rome wasn’t built in a day. Change takes time. The introduction of new guidelines or the modification of processes should be adapted to your daily tasks and possibilities.

3. Reporting Obligations for Incidents

The reporting obligations of the Saxon Information Security Act must be complied with by all municipalities whose IT systems are connected to the Saxon Administrative Network or the Municipal Data Network. If the Municipal Data Network is affected, the Information Security Officer of the Municipal Data Network operator must be informed immediately. Incidents not covered by this obligation may be voluntarily reported to the Security Emergency Team.

4. Transitional Regulation

Security concepts are to be revised for the first time in 2024. The implementation of the requirements can only take place by December 31, 2020, within the available budgetary resources.

From the law on IT to implementation!
We love information security

If you have any consulting needs in this regard, we offer you the assignment of an external information security officer. This officer will accompany you during the implementation and, if desired, thereafter as well.
We place great emphasis on customizing the IT security concept to fit your specific needs. Because you matter to us.

What services can you expect?

  • We provide on-site, telephone, and online consulting during the implementation project.
  • All relevant areas and systems are included in the assessment.
  • Employees are trained in handling IT and confidential data.

What sets us apart?

  • Our consultant Carina Thomas has many years of experience in implementing information management systems in companies and authorities.
  • She regularly participates in further training on IT security.

We are all currently in an exceptional situation that, just a few weeks ago, no one could have anticipated to this extent. It poses unforeseen challenges for municipalities as well as citizens. When we look back someday, we will likely realize that this very situation has probably advanced us significantly in terms of digitalization and trust in ourselves and our colleagues with whom we collaborate. If we all retain a bit of this experience, we already have a good reason to look forward to the time "afterward."

Take the first step toward IT security and arrange a non-binding introductory meeting.

Tel. 0351-21971182
