IT security in Faroese public admin “inadequate”

The conclusion is the same today as six years ago: IT security in the Faroes is not up to scratch. So concludes a scathing report from the National Audit Office.

In April last year, the government ministries received a circular letter asking them for a situational report on IT security in public administration institutions.

The institutions, some of which handle sensitive personal information, were asked to answer eight questions regarding their IT security.

No replies

According to the new report, no replies came in until months after the response deadline, even after reminders. And many of the institution did not reply at all.

This is unacceptable, says the National Audit Office, which concludes from of the submitted replies that there is a fundamental lack of understanding of IT security issues in the public sector.

For instance, only one in five public institution has implemented contingency plans relating to IT security.

Although national IT administration KT Landsins administers the IT infrastructure, governmental ministries and public institutions are fully responsible for the data they process, according to the new report.

A serious problem

In general, the report continues, the managements of these institutions do not appear to understand this crucial point about responsibility of their data, and it is highly problematic that institutions with highly sensitive information fail to provide basic information about their IT security.

The report concludes that since not all public administration institutions appear to be capable of administering their data, it is not certain that the national IT resources are in safe hands.

Translated by prosa.fo