Information security policy

STATEC (the National Institute of Statistics and Economic Studies of the Grand Duchy of Luxembourg) is a public service under the authority of the Ministry of the Economy. Its missions include providing high-quality statistical information to public and private decision makers and citizens.

In the context of its activities, security in the collection, processing, storage and distribution of information is a key issue in terms of confidentiality, integrity, availability and traceability. STATEC may be a target for cyber-attacks due to its role as a public entity, the type of information it publishes and its target audience. Moreover, in a global environment of increased digitisation, interconnections and subcontracting, vulnerabilities may appear that could compromise information security. Finally, STATEC also has a security obligation under legal frameworks and regulations aimed at protecting personal data such as the ESS IT Security framework which is designed to increase trust between members of the european statistical system (ESS) by defining rules and standards for the management, exchange and storing of confidential information within the ESS.

It is therefore essential to define the security principles, objectives and regulations as well as the management system governing information security within STATEC, which is achieved via this information security policy and all related documentation.

STATEC started a project in 2017 to reach a higher level of conformity to the ESS IT Security framework with EU funding over a 3 year period and is now certified.