Security & privacy

Information security

Information security at Sigedis is based on a structured approach that complies with the legal, technical and organisational requirements set at national and European level.
Our goal is to ensure the resilience of our systems, the protection of sensitive data and the continuity of services for all our users – citizens, institutions and partners.

Our standards for compliance

NIS2 – European Cybersecurity Directive

The NIS2 Directive (EU 2022/2555) sets enhanced security rules for entities considered to be essential or important. As a public sector player operating in the social sector, Sigedis falls directly within the scope of this directive, particularly in terms of governance, risk management and incident detection and response.

Find out more

GDPR – General Data Protection Regulation

GDPR (EU 2016/679) sets a framework for the processing of personal data. It imposes strict obligations regarding transparency, security, purpose limitation and the rights of data subjects.
Sigedis complies with these requirements through an up-to-date processing register, a designated DPO and procedures for managing data access rights, and the correction and deletion of data.

Find out more

Minimum security standards (MNM – Crossroads Bank for Social Security)

These standards are the mandatory foundation for security measures for all social security organisations in Belgium.
They cover data classification, access management, log monitoring, physical protection and incident management.

Find out more

CyberFundamentals Cybersecurity Centre Belgium (CCB)

CyberFundamentals is a structured framework offered by the CCB that is designed to help organisations strengthen their cybersecurity maturity.
Sigedis uses this framework and aims for the "essential" level, which is built around five key functions:

  • Identify (assets, responsibilities, business environment)
  • Protect (access, systems, data)
  • Detect (events, vulnerabilities)
  • Respond (incidents, communication, coordination)
  • Recover (continuity, restoration, lessons learned)

A CISO is appointed to lead this strategy, working closely with the DPO, who is responsible for ensuring compliance with GDPR.

Find out more