Niels Madelung, chief consultant at Dansk Standard, invited me to co-author this article on how to manage responsibility for information security in order to achieve compliance with data protection legislation. The article is a contribution to the ongoing debate in Denmark, which questions organisations' information security capabilities. The article was published in the Danish newspaper Jyllandsposten on May 28, 2014.
Niels has years of experience as a consultant on information security, and I worked with Niels on the implementation of the Auditdata A/S Information Security Management System in accordance with the ISO 27001 standard, which was certified by DS Certificering in 2012. Auditdata A/S is a vendor to the NHS in the United Kingdom, and has gained substantial experience in managing the ISO 27001 certification requirements in the British market.
Other public healthcare markets, such as Norway and Sweden, have similarly strict requirements for compliance with data protection and information security legislation. The Danish market can be said to be years behind these markets, and the ongoing debate is needed and is most likely the beginning of a change in the political and industrial focus on information security in Denmark.
This article is intended to inform information security stakeholders that both standards and methods are readily available for implementation to deal with the issue, and that it is not really that difficult to solve.
Link to the article in Jyllandsposten.
Link to a pdf version of the article: Debatindlæg Jyllandsposten 28-05-2014