EU Agencies joined the GovSEC user community

On 1 September the GovSEC project reached an important milestone when EU Agencies joined the GovSEC user community. 55 enthusiastic new users from 34 agencies as well as from CERT-EU gathered in their dedicated Teams channel to get the tutorial on GovSEC, a Q&A, but also to get organised as a GovSEC community.



European Centre for Disease Control (ECDC) chairs the EU Agencies GovSEC initiative and has prepared the launch very well. The meeting laid down this user community’s governance principles and participants managed to agree on the work program for collaborating on risk assessments for systems of common interest (referred as “golden records”).



The kick-off was very dynamic, positive and productive: in the end, the prioritised list of 22 risk assessments (RAs) to be made in the first phase was delivered including volunteers in working on the selected RAs. DIGIT C.1 has provided the initial support for setting up the tool and has also offered its Office 365 risk assessment family imported to the GovSEC instance dedicated for EU Agencies Network (EUAN). CERT-EU representatives confirmed their commitment to support, review and validate the “golden record” RAs. The overall takeaway was enthusiasm and gratitude for the GovSEC application and the efforts DIGIT supported by ISA² has put into realising it.  

GovSEC is an online tool for assessing and managing risks associated to an information system. It is meant to be used by Risk Managers who are carrying out the risk assessment for an existing or planned information system, or by Local Informatics Security Officers for monitoring the risks identified, the security measures planned and implemented, as well as following the compliance of a system against a set policy. GovSEC follows IT Security Risk Management Methodology for RAs.