Citizens and businesses must be able to rely on the security of data exchanges with the government via the internet or email. This requires an effort. To guarantee this security, governmental organisations have to apply several information security standards. These standards help to prevent, for instance, phishing and spoofing, and to secure the connection between a governmental website and its visitors. The Standardisation Forum website explains exactly which standards are used and to what end.
The use of information security standards
The use of information security standards is on the rise. Twice a year, the Standardisation Forum evaluates a group of 560 governmental domains, to check if the standards are being used correctly. The most recent evaluation (March 2019) performed by the Standardisation Forum reveals an application degree of the standards of 91%. At the start of 2018, this percentage was still no higher than 80%. The results of the second evaluation of 2018 can be found in the IV magazine. The Forum will publish the March 2019 results on its website in May 2019.
To perform the evaluation, the Standardisation Forum uses the tooling provided by the Internet Standards Platform. This platform is a collaboration between the government and the Dutch Internet community. More information can be found on www.internet.nl.
Governments have made agreements about how and when the standards must be implemented and applied within the government. You can find an overview of these ‘desired application agreements’ on the website of the Standardisation Forum. Should it transpire that these standards are insufficiently applied by governmental organisations, in spite of the application agreements of the Government-wide Policy Consultation on Digital Government, or OBDO (in Dutch), the Minister of the Interior and Kingdom Relations can enforce them by law in future, under the Digital Government Act.