Security policy
The Directorate of Labour operates an information system in a secure manner with the objective of returning to its statutory role and, where appropriate, ensuring that information is correct, available and that confidentiality is maintained.
The security policy covers all of the Directorate of Labour's activities.
All employees and partners of the Directorate of Labour are obliged to follow this policy, to promote the policy being respected by others and to provide suggestions on safety deviations when appropriate.
The Directorate of Labour ensures knowledge of the policy and information security by making it available and providing education.
The Administration of Information Technology aims to comply with the Act on the Functioning and Obligations of the Directorate of Labour and the provisions of the Act on the Protection of Privacy. To achieve these objectives, the Directorate of Labour will operate a formal risk management process based on ISO/IEC 27005:2011 as well as looking at ISO/IEC 27001/2013 on the Information Security Management System and to ISO/IEC 27002/2013 on the Practice for Information Security Management.
Further details on the strategy are given in the documents ‘Information technology risk management process and ‘Information security management system.
The IT security manager is responsible for the implementation of the strategy.
The Directorate of Labour is responsible for the policy and reviews it every two years as the case may be.