To main content

Information Security Policy

Statistics Sweden’s activities - from questionnaires sent to enterprises and individuals to the final publication of survey results on the agency website or their delivery as part of commissioned services - involve extensive data handling. Furthermore, Statistics Sweden’s collaboration with other Swedish and foreign authorities and organisations requires sound information security.

Therefore, it is essential that information security issues are handled prudently and methodically. The data used and processed by Statistics Sweden constitutes an important strategic asset that must be protected.
Information is defined as all types of data used in the operations, regardless of whether the data is oral or written, and regardless of how it is processed, stored or transported.

General requirements

  • Most security efforts are to be carried out at department and unit level and in maintenance objects in accordance with current regulations.
  • Basic protection is to be in place for all information and premises.
  • Information security issues are to be systematically integrated into day-to-day work.
  • The same level of information security is to apply for work both inside and outside Statistics Sweden’s premises.
  • All personnel is to be familiar with and apply current guidelines on information security.
  • The assignment and removal of access control is to follow established guidelines. Users may only have the authorisations required for their working duties.
  • All personnel are to be informed that their activities in the information systems may be monitored and reviewed.
  • Personnel who handle information pertaining to national security are to undergo security screening under the Protective Security Act and receive training for their task.
  • Information security is to be integrated into administration activities, projects and development.
  • Information security activities are to apply a risk-based approach.
  • A continuity plan is to be in place in the event of particular events and crisis situations.
  • Procedures for handling security incidents are to be in place.
  • Compliance with guidelines is to be checked through regular reviews and controls.

Statistics Sweden’s information security management system (SCB LIS)

Information security operations at the agency are to be governed by requirements contained in Statistics Sweden’s information security management system (SCB LIS). SCB LIS is managed by the Security Office at Statistics Sweden.

SCB LIS comprises the following documents

  • Information security policy
  • Guidelines
  • Instructions
  • Training material
  • Check lists
  • Templates