Information Security Management System (ISMS)

KTH works systematically with information security to protect the organization's information through classification, risk analysis, and continuous monitoring. Following regulations and implementing procedures ensures the right protection for sensitive information and the continuity of operations.

KTH's work with information security is governed by the regulations of the Swedish Civil Contingencies Agency (MSB) and is based on an information security management system (ISMS). The goal is to assess the value and sensitivity of information through classification and risk analysis to ensure appropriate protection.

The process includes several steps, such as information classification, risk analysis, and the implementation of policies and procedures. Information classification is carried out to determine the level of protection needed, and risk management involves identifying risks, threats, and vulnerabilities. There are also regular controls and a structured approach to incident management.

KTH's data protection efforts involve active collaboration between various functions, including the CISO and the IT department. Physical security, access controls, and management of information systems are key areas, with continuity planning and change management also included. To ensure compliance, KTH conducts audits, risk analyses, and continuous monitoring of systems and procedures.

In summary, KTH works systematically to protect information through a well-structured process, from planning to continuous monitoring and improvement.