Suomi.fi for Service Developers
VAHTI best practices
Digital security risk management

To get the best help for your situation, first answer the questions on the guide's start page.

Checklist

Take at least these good practices into account.

Manager, familiarise yourself with the digital security principles

  1. Get an overview of digital security.
  2. Go through the most common digital security risks.
  3. Consider your role in managing digital security risks in your organisation. What kind of digital security risks do you encounter in your work? What are the benefits of risk management?
  4. Complete the necessary training courses.
  5. If possible, consider participating in digital security events that are suitable for your role.

Read more about the basics of digital security in the Introduction to digital security risk management section of this guide.

Manager, take these into account in risk management

  1. Decide on the objectives of digital security risk management.
  2. Make sure that your organisation draws up a digital security risk management policy and model.
  3. Agree on the roles and set appropriate processes. Accept residual risks and their management methods.
  4. Share information about the risk management policy internally and externally. Ensure that the risk management policy is implemented in practice.
  5. Consider risk management as a whole from the perspective of stakeholders and service chains. How does your organisation manage the risks of service chains?
  6. Consider ways to promote a positive risk culture in your organisation. How do you motivate employees to point out digital security risks?
  7. Take care of resourcing and ensure an adequate level of competence. Ensure that everyone has enough time at work for risk management and reporting.
  8. Monitor the status and quality of risk management regularly, for example, with the help of an annual clock. Update the risk management policy and measures as necessary.

Read more about risk management in the Risk management section of this guide.

Manager, take these into account in safety and security management

  1. Familiarise yourself with the basics of safety and security management.
  2. Decide the information security principles and outline the measures for safety and security management.
  3. Ensure that adequate information security instructions are available for the entire organisation.
  4. Ensure adequate resourcing. Make sure that your organisation has enough time and competence to manage deviations.
  5. Decide how to deal with disruptions and deviations.
  6. Monitor changes in the organisation’s operating environment that may affect risk management and safety and security management. Make sure that your organisation is prepared for the impacts of possible changes.
  7. Develop your safety and security management competence. Connect with networks of other actors and utilise stakeholder observations, experiences and good practices.

Read more about safety and security management in the Safety and security management section of this guide.

Manager, take these into account in continuity management and preparedness

  1. Get an overview of continuity management and preparedness.
  2. Decide on the principles and objectives of continuity management.
  3. Ensure that processes are established for precautionary measures. Monitor preparedness development and ensure that the monitoring is documented.
  4. Decide on the continuity and preparedness processes.
  5. Make sure your organisation has identified the critical targets, functions, and resources. Make sure to survey the stakeholders and supply chains too.
  6. Verify digital security indicators and use them to assess the state of digital security in your organisation.
  7. Connect with networks of other actors and utilise stakeholder observations, experiences and good practices.
  8. Develop precautionary measures and continuity management by practising.

Read more about continuity management and preparedness in the Continuity management and preparedness section of this guide.

Manager, take these into account in information security

  1. Get an overview of information security.
  2. Make sure that your organisation is familiar with the operating environment and regulation applicable to the organisation.
  3. Identify the critical targets. Also remember stakeholders and supply chains.
  4. Make sure your organisation is protected against data and cyber threats. Take care of resourcing and ensure adequate and regular training for the entire organisation.
  5. Make sure that the organisation’s data is protected and backed up. Also ensure that the physical operating environment is protected.
  6. Prepare for risks that become real. Ensure that your organisation has up-to-date deviation management, handling and recovery processes.
  7. Use reports to improve your situational picture. Monitor changes in the security environment.
  8. Connect with networks of other actors and utilise stakeholder observations, experiences and good practices.

Read more about information security in the Information security section of this guide.

Manager, take these into account in data protection

  1. Get an overview of data protection.
  2. Make sure that your organisation has identified which types of personal data it processes.
  3. Familiarise yourself with the risks associated with the processing of personal data in your organisation.
  4. Learn about your organisation’s data protection processes. Monitor and supervise the functioning of the processes and participate in the assessment processes if necessary.
  5. Ensure that your organisation also manages data protection risks related to its suppliers and stakeholders.
  6. Ensure adequate and regular data protection training for the entire organisation. Make sure that the entire organisation is aware of up-to-date instructions related to data protection and data protection risks.
  7. Ensure that the implementation of data protection is planned and documented and that its implementation is monitored in a documented manner.

Read more about data protection in the Data protection section of this guide.

Middle manager or specialist, familiarise yourself with the digital security principles

  1. Get an overview of digital security.
  2. Go through the most common digital security risks.
  3. Consider your role in managing digital security risks in your organisation. What kind of digital security risks do you encounter in your work? What are the benefits of risk management?
  4. Complete the necessary training courses.
  5. If possible, consider participating in digital security events that are suitable for your role.

Read more about the basics of digital security in the Introduction to digital security risk management section of this guide.

Middle manager or specialist, take these into account in risk management

  1. Get an overview of risk management.
  2. Describe the risk management measures.
  3. Monitor risks, document them, and report them to management.
  4. Share information on digital security risks.
  5. Measure the success of risk management.
  6. Develop your risk competence and participate in developing risk management in the organisation.

Read more about risk management in the Risk management section of this guide.

Middle manager or specialist, take these into account in safety and security management

  1. Familiarise yourself with the basics of safety and security management.
  2. Read the information security principles.
  3. Plan and scale the measures. Present the actions to your organisation’s management.
  4. Prepare information security instructions and share them with the organisation.
  5. Assess and address risks.
  6. Test and update the security and safety management processes, information security principles and practical measures regularly.

Read more about safety and security management in the Safety and security management section of this guide.

Middle manager or specialist, take these into account in continuity management and preparedness

  1. Get an overview of continuity management and preparedness.
  2. Prepare continuity and preparedness processes from the perspective of digital security.
  3. Confirm the roles and responsibilities and inform your organisation of them.
  4. Monitor the state of continuity management and preparedness. Identify indicators suitable for the monitoring of situational awareness.
  5. Document the plans and practices concerning continuity management and precautionary measures, and maintain the documentation. Make sure that the documentation is also available in unusual circumstances.
  6. Develop precautionary measures and continuity management by practising.

Read more about continuity management and preparedness in the Continuity management and preparedness section of this guide.

Middle manager or specialist, take these into account in information security

  1. Get an overview of information security.
  2. Ensure an adequate level of staff competence through courses and training. Also monitor the state of information security competence of stakeholders and suppliers.
  3. Take care of identity and access management. Define the roles and responsibilities related to information security.
  4. Ensure that the datasets are backed up and test the backups. Also protect the technical and physical operating environments.
  5. Detect and monitor security breaches. Process and document deviations.
  6. Make sure you are aware of your organisation’s deviation management, handling and recovery processes. Identify your role in those processes.
  7. Monitor the recovery activities and report them to management.
  8. Use services, guidelines, tools and networks to develop information security.

Read more about information security in the Information security section of this guide.

Middle manager or specialist, take these into account in data protection

  1. Get an overview of data protection.
  2. Familiarise yourself with the controller’s responsibility and the rights of the data subject.
  3. Identify and document data protection processes.
  4. Identify and document data protection risks associated with suppliers and stakeholders.
  5. Identify and document personal data processing activities that require a Data Protection Impact Assessment.
  6. Involve the data protection officer early enough to plan the processing of personal data.
  7. Monitor and assess the implementation of data protection in your organisation.
  8. Ensure adequate and regular data protection training for the entire organisation.

Read more about data protection in the Data protection section of this guide.

Other employee, familiarise yourself with the digital security principles

  1. Get an overview of digital security.
  2. Go through the most common digital security risks.
  3. Consider your role in managing digital security risks in your organisation. What kind of digital security risks do you encounter in your work? What are the benefits of risk management?
  4. Complete the necessary training courses.
  5. If possible, consider participating in digital security events that are suitable for your role.

Read more about the basics of digital security in the Introduction to digital security risk management section of this guide.

Other employee, take these into account in risk management

  1. Get an overview of risk management.
  2. Report any digital security risks and deviations you have noticed as soon as possible to your supervisor and the data security and protection officer.
  3. Be available until you receive a reply to your notification and provide additional information if necessary.

Read more about risk management in the Risk management section of this guide.

Other employee, take these into account in information security

  1. Get an overview of information security.
  2. Identify the security risks related to your role and work.
  3. Protect and back up your data.
  4. Make sure to protect the physical environment. For example, do not connect unknown devices to your PC or allow unfamiliar people to access your organisation’s facilities.
  5. Monitor information security risks and record them.
  6. Report any deviations you have noticed as soon as possible to your supervisor and the data security and protection officers.
  7. Wait for them to contact you and stay available until you receive a reply to your notification. Provide additional information if necessary.

Read more about information security in the Information security section of this guide.

Other employee, take these into account in data protection

  1. Get an overview of data protection.
  2. Identify the most common data protection risks.
  3. Learn about the rights of the data subject.
  4. Consider whether your work involves data protection risks. If necessary, ask your supervisor or the data protection officer of your organisation for help or advice.
  5. Report data protection risks and deviations to your supervisor as soon as possible.
  6. Wait for them to contact you and stay available until you receive a reply to your notification. Provide additional information if necessary.

Read more about data protection in the Data protection section of this guide.
