The digitalisation of administrative services and their provision via the internet entails a variety of risks. On the one hand, confidential and personal information is processed within the scope of administrative services. This makes it a worthwhile target for cyber criminals. On the other hand, online access offers new attack surfaces through which information can be siphoned off, authorities can be penetrated or administrative services can be compromised. In addition, further dependencies on service providers arise, especially on electricity, network and web service providers. A potential failure of these service providers jeopardises the provision of administrative services.
These dangers are taken into account in the Online Access Act (OZG) through direct requirements for cyber security and data protection. However, the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG), state-specific data protection laws and the Telemedia Act (TMG) also impose various obligations on OZG projects.
At the same time, the scepticism of users of the new procedures, i.e. administrative employees, citizens and companies, constitutes a further risk in the implementation of the OZG.
In this mixed situation, meeting the regulatory and technical requirements while at the same time integrating all stakeholders early and transparently and implementing changes in hardware and software poses considerable challenges for organisations.
Partner, Consulting, Head of Cyber Security
KPMG AG Wirtschaftsprüfungsgesellschaft
Against the background of these challenges, the confidentiality, integrity and availability of the OZG administrative services and the information processed in them must be planned early in the process and maintained throughout in order to ensure adequate protection. Personal data, especially sensitive personal data, also require additional protection with regard to transparency, unlinkability, intervenability and data minimisation. Services for citizens and companies as well as back-end processes must run stably, and the most important services must also remain available in emergencies and crises while maintaining confidentiality and integrity.
KPMG supports you with many years of expertise and offers you individual advice and solutions for information security in accordance with BSI IT-Grundschutz and ISO 27001, for business continuity management in accordance with BSI Standard 200-4 and ISO 22301, and for data protection in accordance with the General Data Protection Regulation (DSGVO) and the federal and state data protection laws. We look back on a large number of projects and years of implementation at federal and state level. Our BSI- and ISO-certified employees combine specialist and industry knowledge and accompany you in your challenges on a daily basis.
Security as a central element of user satisfaction
First and foremost is the trust of the users of your OZG services. To achieve this, it is important to establish a comprehensive security process that covers the entire life cycle of your projects and OZG services: security requirements are identified and planned for early in the project. Security concerns and risks are identified and addressed through stakeholder analyses and workshops. Security quality gates are defined for the project and for subsequent operation. During the implementation of the project, we support you with the design, coordination and implementation of security measures. The previously defined quality gates ensure high quality and transparency of the project progress. Before the OZG services go live, the necessary processes are established to ensure that security aspects continue to be taken into account during operation: for this purpose, the OZG services are integrated into your processes for authorisation and patch management, while system monitoring and observation of the current cyber threat situation are likewise important aspects.
Chart (in German only)
Further information on our range of services in the context of cyber security and data protection can be found here.
Depending on your individual needs, you will receive specific and tailor-made services for the successful implementation of the OZG in your projects, ensuring information security, data protection and emergency preparedness. If you want a comprehensive, lasting and future-oriented solution in these areas, you will receive an information security management system, a data protection management system, a business continuity management system or a combined, integrated management system.
Our consultants support you with many years of expertise from past and comparable OZG projects and from the implementation of cyber security requirements in public authorities and business. Together, we create comprehensive protection of the processed information and procedures of your OZG administrative services against attacks and failures. You receive detection and response capabilities so that you remain able to act in critical situations. With us, you ensure compliance with all relevant regulatory requirements in cyber security, data protection and emergency preparedness. By starting early in the process, you increase the long-term trust of administrative staff, citizens and companies in you as an organisation and in your OZG capabilities.
Co-author: Sascha Hauch