A list (requirement library) of non-functional requirements to be used as a basis when conducting IT procurement within Umeå Municipality. This dataset covers information security requirements. The different levels, 1, 2, and 3, indicate the severity of potential damage if any aspect of Confidentiality, Integrity, or Availability is not maintained.
Level 1: Moderate Damage
- No noticeable major difficulties for the organization in achieving its goals.
- No impact on critical societal functions within the organization or elsewhere.
- Individuals or other organizations may notice disruptions or experience mild inconvenience but without measurable economic impact.
- A few non-sensitive personal data records may be exposed, causing moderate harm to personal privacy.
Level 2: Significant Damage- The organization can fulfill its tasks but with likely risks of significant impacts (economically or through the need for extraordinary measures).
- Other organizations or authorities may be affected (economically or through the need for extraordinary measures). Critical societal functions in the organization or others are likely unaffected.
- Individuals may experience significant consequences, such as major inconvenience or substantial economic impacts, due to the disruption.
- Personal data may be exposed, causing significant harm to personal privacy.
Level 3: Severe Damage- Causes major difficulties for the organization's operations, making it impossible or nearly impossible to fulfill tasks.
- Critical societal functions in the organization or elsewhere are likely affected.
- Individuals' lives and health are at risk.
- Sensitive personal data may be widely exposed, causing severe harm to personal privacy.
One of the following criteria is sufficient to qualify:
One of the following criteria is sufficient to qualify:
One of the following criteria is sufficient to qualify:
The requirements list is updated at least once a year, potentially more frequently. For inquiries, please contact: IFkrav@umea.se.