Data, Information and Cyber Security


In the areas of data, information and cyber security, the assessment of 2nd and 3rd parties is increasingly in demand. Schemes and testing methods are therefore continuously being developed in the field. This happens both internationally and nationally, managed by authorities and organizations and under the auspices of ISO. DANAK offers accreditation for certification and testing in the field.

 

ISMS, information security

Certification of a management system, based on ISO standards within the 27000 series. The standards set the framework for the work of companies and certification bodies. The Danish Agency for Digitisation has prepared guidelines for public authorities on the implementation of ISO/IEC 27001. The guidelines are available on the Agency's website. DANAK offers accreditation for certification of management systems according to ISO 17021-1 with the addition of information security ISO/IEC 27006. Read about accreditation for management systems on DANAK's website, where there is also an application form.

 

GDPR, EU Regulation 2016/679

Handling of personal data. Stakeholders can develop certification schemes within the framework of the Regulation. The schemes must be based on the requirements for product certification ISO/IEC 17065 and the additional requirements set by the Danish Data Protection Agency. The schemes must be recognized by the Danish Data Protection Agency and assessed by DANAK, after which they must be published on the EU's list of schemes in the area. Only then can accreditation for certification to the scheme be granted. Read more in DANAK's AMC 31 and the Danish Data Protection Agency's guidelines in this area.

 

eIDAS, EU Regulation 910/2014

Requirements for electronic identification and trust services. The area covers electronic signatures, timestamps and authentication of web pages. Companies can be certified on the basis of the requirements for product certification ISO/IEC 17065 plus EU-recognized technical standards in the individual areas. The EU requires the use of accredited certification for certain services and security levels. DANAK offers accreditation in the area. With an accreditation, the certification body can apply to the Danish Agency for Digitisation to be notified within the accredited area (included on the EU list).

 

Cyber Security, EU Regulation 2019/881

Common EU rules set requirements for information and communication technology (ICT). ICT can cover products, services and processes in the field, and either testing according to ISO/IEC 17025 or product certification according to ISO/IEC 17065 is required. The common rules are laid down in cybersecurity schemes, where each scheme is based on technical standards and the requirements of the regulation. The schemes aim to ensure that European cyber security certificates and EU declarations of conformity are issued and can be recognized in all EU countries. The EU Commission publishes a list of recognized schemes. Further information can be found on ENISA's website under the menu item "Cybersecurity Standards and Certification". DANAK offers accreditation for testing and product certification in the field.

 

Other schemes

There are a number of other schemes within this area that are not currently covered by accreditation. This applies, for example, to the Danish D-mark and the Danish Agency for Digitisation's NSIS requirements. Read more about these on the respective web pages.