Compliance - Digital tools and personal support

Lantero is organizing a seminar for municipalities on whistleblowing and some common issues in handling whistleblowing cases. It will take place on November 6 from 15:00 to 16:30. For more than ten years, Lantero has worked with whistleblowing solutions and is now the largest provider in Sweden within the municipal sector. Lantero assists municipal clients with whistleblowing cases daily, giving us a unique opportunity to guide both in legal matters and in common practices among different types of municipalities. Some common questions that will be addressed during Lantero's seminar include: * Conflict of interest situations and how to handle them * How to approach confidentiality when a public document is requested * What applies regarding GDPR when a case is investigated outside the whistleblowing system and process * How to interpret the concept of "public interest" in the law concerning irregularities in municipal operations The target audience for this seminar is primarily case officers working with municipal whistleblowing services and municipal lawyers who are occasionally involved in case handling or assessment. However, it may also be relevant for a broader group interested in the general efforts to address various types of misconduct in municipalities and the public sector at large. Since the topic connects to broader issues about how municipalities and public services function, as well as fraud and welfare crimes, welfare coordinators or case officers dealing with more specific issues may also find it relevant to attend. This also means, for instance, that government or regional legal advisors could benefit from the discussions. The seminar will be conducted as a webinar, but it is also possible to attend in person at Lantero’s office at Drottninggatan 71c in Stockholm. – We often receive requests from our municipal clients for this type of activity, as case officers in municipal whistleblowing functions clearly want to exchange experiences with colleagues from other municipalities or external experts, says Andreas Wahlström, who is responsible for the seminar on Lantero's behalf. We will do our best to involve participants and create a dynamic discussion.

The new EU regulations (NIS2) regarding security and preparedness in critical sectors will directly or indirectly affect most parts of society. For individual companies or organizations, it is important to determine if they are affected by the regulations – although a more reasonable question is probably how they are affected by NIS2. How the EU directive will be implemented in national legislation is still unclear, but with the overall guidelines of the directive and the expressed intentions, it is becoming quite clear how companies or organizations should approach and prepare for the new legislation. To assist in the initial assessment, Lantero provides short, overview analyses. In a 15-minute meeting, we go over whether you are clearly and directly affected by the regulations or if you are potentially or indirectly impacted. The goal of the meeting is to better understand how to approach the regulations so that you can take control of the process and allocate resources where they are most effective. Whether you view NIS2 as a compliance issue, a matter of security, or from a commercial perspective linked to customer demands, there is a reason to understand the regulations and have a clear strategy. Taking control of the issue reduces dependency on external consultants and ensures that actions are taken in the right order. Priorities can vary significantly depending on whether you take a compliance perspective or a security perspective, for example. But regardless of perspective, you need to understand where your organization stands in relation to various risks associated with network and information systems. And regardless of priorities, questions about everything from strategies and operational continuity to cryptography, personnel security, or incident management must be considered. Even organizations with a high level of security awareness have reason to review the whole picture and assess to what extent they are working in line with best practices or have made informed decisions based on actual circumstances. The first step is knowing in what way you are affected by the regulations.

As a continuation of the security requirements established in the NIS Directive, the follow-up NIS2 is now being introduced. In the new directive, the requirements are stricter, but most notably, supervisory authorities will be able to impose concrete sanctions on organizations that fail to comply. The directive will be implemented into national legislation during the fall. The main purpose is to raise the level of security within critical sectors of society. However, companies and organizations with an indirect connection to these sectors may also fall under the scope of affected activities. Lantero has developed some questions to help you determine if you need to comply with the regulations. If the answer to any of these questions is yes, you should take a closer look at the regulations and establish a plan or approach to the new rules. * Do we provide services or infrastructure in sectors such as energy, transport, banking, healthcare, water supply, or digital services? * Do we have customers in essential societal operations? (Even suppliers and third-party vendors may fall under NIS2.) * Do we manage critical infrastructure or digital services that impact national security or economic stability? (Organizations that affect national or societal security are generally included.) * Does our organization have more than 50 employees or an annual turnover exceeding 10 million euros? * Are we dependent on networks and information systems to provide our products or services? (NIS2 targets organizations whose operations rely on digital systems.) * Have we previously been subjected to cyberattacks or other security incidents that may have affected our operations or our customers' data integrity? (Companies that handle sensitive data and have been targeted by cyber threats may fall under NIS2.) Given that the directive also affects many subcontractors to the primarily affected organizations, it becomes a concern for many. It is still unclear how thoroughly the follow-up of subcontractors' NIS2 compliance will be conducted, but it is likely that it will be an advantage to demonstrate a structured approach and awareness of where one stands in relation to the framework. "We encounter many who feel that the regulations are too far-reaching and impose requirements on more organizations than necessary. At the same time, there is an opposing view among those who work closely with security issues or have been exposed to various types of attacks. They often feel that the framework is wise for most to adhere to," says Petter Tiger at Lantero.