NSIS is the Danish government's framework of requirements for information security. It applies to public authorities and private companies that provide solutions to the state, regions and municipalities
NSIS - document your security to authorities and critical partners
NSIS is the Danish government's framework of requirements for information security. It applies to public authorities and private companies that provide solutions to the state, regions and municipalities - especially in emergency response or critical functions.
With an auditor's statement on NSIS, you can prove that your company meets the requirements and can be part of critical supply chains.
What is NSIS?
NSIS (National Standard for Information Security) is a Danish security standard that sets requirements for IT suppliers and partners to the public sector - especially in relation to emergency response functions, infrastructure and critical systems.
The standard draws on ISO 27001, but has separate requirements for e.g. supplier management, incident management and access to data.
When is NSIS relevant?
- When you deliver solutions to the public sector - e.g. data processing, operations or platforms
- When you are asked to document compliance in procurement
- When you are part of supply chains for critical functions
- When you want an independent assessment of your security level in relation to NSIS
- When your customers request a declaration as part of emergency response or supervision
Do you need help getting ready?
We help you assess how closely your setup matches the NSIS requirements - and create a concrete plan on how to meet them.
Read more about our consulting services here
Ready to get an NSIS declaration?
We create ISAE 3000 declarations based on NSIS and the documentation you already have - and guide you through the process with confidence.
Read more about our declarations here
Tool: Lexoforms
Lexoforms can support the documentation of your processes and controls - for example, by gathering documentation and follow-up in one place.
Frequently asked questions (FAQ)
Is NSIS a law?
No - but NSIS is a de facto requirement for public IT deliveries, tenders and security matters, especially if you are part of critical functions.
How does NSIS differ from ISO 27001?
NSIS is based on ISO 27001, but adds requirements - e.g. for incident management, subcontractors and accessibility during emergency situations.
What type of statement do you make?
We use ISAE 3000 - either as Type 1 (point-based assessment) or Type 2 (period-based assessment of effective operation).
Contact us - and get help with your NSIS declaration
Are you a supplier to the public sector - or do you need to demonstrate your information security to critical business partners?
We help you get there - from assessment to final declaration.
Contact Simon
-
Simon Okkels
Simon Okkels is a Certified Information Systems Auditor (CISA®) - a global certification that guarantees deep knowledge of audit processes, reporting and compliance procedures within IT auditing and IT and information security.
Contact John
-
John Richardt Søbjærg
John Søbjærg is a state-authorized public accountant with in-depth knowledge of small and medium-sized companies in many industries. He has many years of experience in advising companies and issuing auditor's reports.
Contact Rasmus
-
Rasmus Lykke Sørensen
We are always ready to meet
Let's have a no-obligation conversation about what you and your business need and what we can offer. Just fill in the fields in the form and we will contact you shortly.
You are also welcome to call us at +45 39 53 50 00 or send an email to
Employees
140
Customers
3900
Revenue
+150 million
Year of establishment
1986
