Companies and organizations that want to connect to the public digital infrastructure must adhere to the requirements of the National Standard for Identity Assurance Levels (NSIS).
NSIS is the Danish implementation of an EU regulation that, through a number of technical and organizational requirements, will create a common framework for trust in digital identities and digital identity services across the EU.
In practice, the implementation of NSIS means that with a Danish MitID you can use public systems in other EU countries and vice versa.
It also allows municipalities, regions and other organizations to give citizen-facing and user-facing employees single sign-on, so they don't have to log in every time they need access to personal data.
The NSIS standard defines three assurance levels for identity assurance and authentication: Low, Significant and High. This provides greater flexibility for identification in different self-service solutions.
NSIS has a major impact on identity solutions such as MitID and MitID Erhverv/NemLog-in and on decentralized solutions such as Local IdP.
Companies and organizations that use authentication against public IT systems must ensure that their solutions meet the requirements of the NSIS standard if they want to connect to the national digital infrastructure.
If your company or organization wants to be part of the national digital infrastructure, you must submit a notification to the Agency for Digitization's NSIS Supervision, documenting that your ID service meets the NSIS standard.
The rules state that the notification must include, among other things, an audit opinion from an independent certified public accountant or a so-called conformity assessment body.
ISAE 3000 is a typical statement
The audit statement is typically prepared according to the ISAE 3000 standard and its purpose is to conclude whether the organization as a whole has established all the procedures and controls relevant to the assurance level it has chosen. All requirements must be met before the solution can be said to meet the NSIS standard.
Thereafter, companies and organizations at assurance levels Significant or High must submit a so-called Type 2 audit statement every year, confirming that they continue to meet the requirements.
inforevision performs internal audit and assurance assignments for a wide range of companies and organizations.
Contact us for a no-obligation conversation about what you need and how we can help.
You are also welcome to call or email: +45 39 53 50 00 / info@inforevision.dk