State and administration
Data Security according to GDPR and Information Security according to BSI (IT-Grundschutz) managing together
BSI standard (IT-Grundschutz) is considered a standard for the development of a management system for information security at authorities and in the public administration. Since the procedure is compatible with ISO 27001, BSI standard (IT-Grundschutz) is also internationally recognized.
Public administration and authorities have with QSEC the advantage of combining both approaches: For example, best practices according to ISO 27001 can be combined with the proposed measures from IT-Grundschutz, thus combining aspects from both standards in your information security management system (ISMS). This combination is proven to be useful and effective when establishing an ISMS.
If you look at the areas of data protection and information security, there are also significant interfaces that should be considered when establishing a data protection and information security management system.
Differences and similarities in the goals of information security and data protection:
|Data Security (GDPR):
|Protection of personal data of natural persons on the basis of strict legal requirements
|Information Security (BSI standard (IT-Grundschutz)):
|Protection of sensitive and relevant information and data based on the possibilities of different concepts (BSI standard (IT-Grundschutz), ISO 27001)
|Technical-organizational measures (TOM’s)
Both data security and information security measures have to be risk-based
this requires the establishment of a P(lan)-D(o)-C(heck)-A(ct) cycle to manage these tasks efficiently and sustainably.