IT systems have become essential for analyzing and centralizing information, and outsourcing is increasing. As a result, the security of information systems is a major challenge for any data controller, whether a business or a government entity.
In light of this evolution, the CNIL issued guidelines on the security of personal data in October 2010. A questionnaire on the CNIL's Web site helps any data controller assess the level of personal data security within its entity.
The guide addresses 17 topics through data security fact sheets. It describes the minimum security measures to be put in place and the mistakes to be avoided. It also provides information on more specific security matters.
The security topics covered in the fact sheets include: risk analysis, user authentication, management of authorizations of use and user awareness, computer security measures (against fraudulent access/use or viruses), security of mobile devices, backups and business continuity, maintenance, management of incidents, security of premises, security of the internal network, security of servers and software, outsourcing, archiving, exchange of information with other entities, software development, anonymization and encryption.
Among other things, the CNIL recommends that data controllers set up internal rules on the use of information systems by employees.
