Ensuring the security of networks and information systems is one of the key areas protected by Directive (EU) 2019/1937 of the European Parliament and of the Council. It is in these areas that Whistleblowers can report violations or irregularities they have directly or indirectly witnessed.
What is network and information systems security?
Today, the reality around us is almost entirely dependent on the web and the Internet. The rapid development of new technologies has meant that most organizations must react quickly to changes, and thus, efficiently respond to the challenges and threats associated with them.
IT security covers the physical, electromagnetic, cryptographic, and transmission protection of the systems and networks that are used to generate, store, process, and transmit information. Organizations are required to ensure the security of their employees before processing classified information in systems or an IT network. This should be done through, for example:
- placing devices in security zones,
- securing rooms with special devices,
- marking secret documents and folders with the "confidential" clause,
- the use of equipment, connections, and lines with reduced emissions,
- the use of cryptographic methods of information protection,
- development of detailed safety requirements in the organization,
- compliance with national regulations.
Why is the activity of Whistleblowers in this sector so important?
Whistleblowers contribute to increasing network and information protection in the following sectors: energy, health care, banking, transport, digital services (including those in the cloud), and, in the case of basic utilities, suppliers of gas, electricity, and water.
Whistleblower reporting is essential for network security, data protection, and information systems protection. Breaches could have a very negative impact on key areas of economic and social activity and the digital services used. Signaling them also serves to prevent violations of EU regulations. Any irregularities in this sector should be reported using a specially created, internal reporting channel in the organization. The system that allows for signaling violations and has many useful functions is Whistleblower.
Which legal acts concerning the security of networks and information systems are mentioned in the Whistleblower Protection Directive?
The Whistleblower Protection Directive was designed to legally protect Whistleblowers from retaliation. The directive of 23 October 2019 lists the following legal acts that mention the security of network and information systems:
- Directive on the processing of personal data and the protection of privacy in the electronic communications sector (known as the Directive on privacy and electronic communications).
- Regulation on the protection of individuals concerning the processing of personal data and the movement of such data.
- Directive on measures for a high common level of security of network and information systems across the Union.
In summary, ensuring network and information security is very important, and any irregularities in this area should be immediately reported. Ignoring dangerous situations and vulnerabilities may result in a hacker attack, the sale of information on the black market, the accidental installation of malware, or viruses blocking access to your computer. Therefore, reporting irregularities through internal channels aims to strengthen security in organizations and detect irregularities at an early stage of their occurrence. Whistleblower is the system for receiving and handling incidents, fully compliant with the requirements of the directive and ensuring the protection of the confidentiality of the identity of persons reporting violations.