ENSIA

What is ENSIA?

The Single Information Audit Unified Norm (Eenduidige Normatiek Single Information Audit) – is an accountability methodology for government agencies to demonstrate that they are taking appropriate measures to ensure data security and quality. ENSIA has two modes of accountability: horizontal accountability (to the municipal council) and vertical accountability (to the regulatory authorities), which means that it is binding.

In terms of horizontal accountability, the organisation renders account on the extent to which the BIO measures have been implemented. This can be recorded in ENSIA by means of a self-assessment. This ultimately translates into reports that end up with the municipal council and the Municipal Executive. The organisation must also include a section on information security in its annual report. The self-assessment results can be used as input for that section.

In terms of vertical accountability, the organisation renders account on various elements (to the extent that they apply):

• the measures taken on information security within the Personal Records Database (BRP), Travel Documents database, Suwinet and DigiD connections;
• for the purposes of the Key Register of Addresses and Buildings (BAG), the Key Register for Large-Scale Topography (BGT) and the Key Register of the Subsurface (BRO), accounts is rendered on the manner in which data quality and data integrity are ensured;
• for the purposes of the Valuation of Immovable Property Act (WOZ), account is rendered on information security, system management and architecture.

For specific components, a Registered EDP Auditor (RE) should assess whether the control measures that have been put in place are effective. This applies to the components that have DigiD connections as well as to the use of Suwinet.