Good function and technical security in electronic communications - PTS-ER-2008:13

18/06/2008

The Electronic Communications Act, or LEK, contains provisions concerning good function and technical security which apply to all parties providing electronic communications networks or related services. The intention of these provisions is to contribute to efficient and secure electronic communications and to establish a basic level of security for these. In this context, 'security' mainly refers to sustainability, accessibility, availability and operational reliability.

The Swedish Post and Telecom Agency's (PTS) General Advice on good function and technical security has been available since May 2007. The General Advice explains the provisions and serves as PTS's recommendations as to how security work can be carried out in order to fulfil the requirements laid down by the Electronic Communications Act (LEK). In this case, security work means preventing interruptions, interference and disruptions by carrying out risk analyses and risk management, planning for the management of inter-ruptions, interference and disruptions and following them up when they occur.

In the autumn of 2007 and spring of 2008, PTS carried out scheduled supervision of compliance with the provisions concerning good function and technical security. These are the overall conclusions of this supervision:

• Security work is being carried out and the provisions contained in LEK and PTS's General Advice are largely complied with
• Increased focus on security work among service providers
• Security work should be documented to a greater extent
• Service providers without own technical infrastructure should also carry out security work
• Management should assume responsibility and more often follow up security measures that are taken

The results and conclusions presented in this report are based on a questionnaire and subsequent follow-up interviews. The supervisory work encompassed 53 service providers, which together represent a very large proportion of all end users in the Swedish market. Five service providers were selected for follow-up interviews based on the questionnaire responses.

The aim of such supervisory work includes spreading awareness of how security work can be carried out to comply with the provisions concerning good function and technical security in order to promote preventive work and preparedness for the management of interruptions, interference and disruptions on the part of service providers. The anticipated impact of supervision is an increased proportion of service providers carrying out regular and systematic security work.