Get compliant with SSF Cyber security

Take control of your IT environment with the cyber security certification SSF 1101

Electronic attacks, fraud and cyber espionage against companies and organizations are steadily increasing. If the wrong information is attacked, the consequences can be major for the entire organization.

Organizations need to plan for clients being taken over by external attackers, but also by disloyal employees or suppliers with access to the IT infrastructure. The IT structure must therefore be secured against both internal and external threats. The purpose should be to prevent an attacker from gaining access to the IT environment, or to make it more difficult, and to provide an opportunity to reduce damage.

We offer SSF Cybersecurity to help the organization take a number of appropriate and relevant security measures that lead to good IT security.

A certification according to SSF 1101 Cyber Security protects you against the most common cyber threats. This certification can be seen as a simpler, less expensive version of ISO 27001, a similar certification that is suited to companies that need more extensive requirements and have higher risks.

Why do we need to certify our business according to SSF 1101?

To control and protect the organization’s IT environment against internal and external threats.

Correctly implementing five basic security controls will protect your organization against the most common cyber threats.

A due diligence of your IT environment helps you to maintain basic cyber security according to the standard SSF 1101, developed by the Swedish Theft Prevention Association (SSF). With this in place, the business is equipped against digital threats, and you can strengthen your profile with customers and partners by showing that you take security very seriously. A due diligence of the company’s digital IT environment includes:

  • Computers and mobile units
  • Software and applications
  • Networks
  • External IT services (e.g., cloud storage and similar)
  • Authorisations
  • Training

Our service is ideal when

  • You want to remove the burden of security monitoring and incident management
  • You must comply with regulations such as GDPR, PCI-DSS, HIPAA, ISO 27000
  • You need a more streamlined and cost-effective way to reduce the threat of intrusion

A certificate issued in accordance with this standard demonstrates that you take information security seriously and have implemented basic IT security at your business. The standard sets forth the requirements necessary for the basic level of IT security for small and medium-sized companies and organisations. SSF is the Swedish Theft Prevention Association.

This is an international certification, and we welcome enquiries from companies and organisations from around the globe. SBSC (owned by the Swedish Fire Protection Association and the Swedish Theft Prevention Association) is one of the few certification bodies worldwide that offer this type of certificate for SMEs.

SSF 1101 in short

Target group: Small business, without sensitive information

Intended protection: Digital information that the company handles

Covers: Basic IT security requirements

  •  Computers and mobile devices
  •  Secure software and applications
  •  Protect your networks
  •  Secure your external IT services
  •  Check permissions
  •  Training on digital risks for selected staff (half day)

Benefits of certification

Shows that you have control over your IT security and take information security seriously.

Provides good protection against the most common types of cyber threats.

Certifies that you have staff who have completed basic information security training.

Shows that you have the right conditions to protect personal data according to GDPR.

Strengthens trust in the organization among customers, partners, and demanders.

The certification process

  1. Apply for certification with a certification body
  2. Answer a comprehensive questionnaire
  3. Complete the answers if necessary
  4. Signatories certify the accuracy of your answers
  5. The certificate is valid for three years and the license is renewed every year
  6. During the period of validity, there may be random sampling to ensure that you meet the requirements of the standard

Example of requirements

  • Strong passwords for user accounts on computers and mobile devices
  • Enabled encryption of storage space on computers and mobile devices whenever possible
  • Backup of information to the extent decided by the business
  • Malware protection software on all computers and mobile devices that can be connected to external networks
  • Decisions about whether, and to what extent, private equipment may be used in the organization
  • One or more network devices with firewall functionality installed between the company’s internal and external networks
  • Encrypted wireless networks protected by a secure protocol and strong password or certificate
  • Legally binding agreement between you and the current supplier when you use external IT services and cloud services
  • New password immediately in case of suspicion that the password has become known to someone other than the user

All employees must complete a basic training in information security in the form of DISA (Computer Aided Information Security Training for Users) or equivalent.

Civil Preparedness

Resilient civil communication systems
The above solutions and services contribute to the following NATO Baseline Requirements.
Torbjörn Schön

Head of MW Cyber
M: +46 737 367 062