Information security in public sector
active 4 months, 3 weeks agoThis project addresses a growing and urgent challenge: how can smaller public organisations meet the increasing demands for cybersecurity in a digitalising society? With the implementation of the Cybersecurity Act – based on the EU’s NIS2 directive – public sector organisations must adopt structured, risk-based security work. For small municipalities and publicly owned entities, this is a major hurdle due to limited resources and expertise.
To support this transition we will develop practical tools and guidance tailored to the needs of local public actors. The project targets organisations that provide essential or important services – such as municipalities, local authorities and public utilities – and aims to support them in understanding and applying NIS2 and ISO/IEC 27001 in proportionate, scalable ways.
The project will deliver:
– Self-assessment checklists based on NIS2 and ISO/IEC 27001
– Templates for gap analysis and improvement planning
– Role-specific guidance for management and key functions
– Training and awareness material, especially for decision-makers
By promoting a structured approach to self-evaluation, internal control, and continuous improvement, the project contributes to stronger local cybersecurity capacity, better preparedness, and improved public services.
The Government of Åland’s Digitalisation Unit seeks cross-border partners within the Central Baltic region (Sweden, Finland incl. Åland, Estonia and Latvia) to jointly develop, pilot and disseminate the tools.
The project contributes to Programme Objective 7: Improved public services and solutions for citizens.
