Haparanda Municipality has prepared for the NIS2 Directive by implementing a structured GRC strategy with RISMA's platform. Read the case study here.
Haparanda municipality shows the way: How to prepare for NIS2

In today’s digital landscape, municipalities face a tough challenge: strengthening cyber and information security despite limited resources, complex operations, and increased regulatory requirements such as the EU’s NIS2 Directive.

Haparanda Municipality proves that even smaller organizations can achieve significant security advancements in a short period. Although only 8 out of 120 Swedish authorities meet MSB’s regulatory requirements according to the Cybersecurity Survey 2024, Haparanda Municipality has significantly strengthened its security posture with a structured GRC strategy and prepared itself to meet the upcoming regulatory requirements in NIS2.

Haparanda municipality at the forefront despite challenges

Municipal operations span areas such as schools, social services, fire departments, and water supply – all areas where security and efficiency must be carefully balanced. Like many other municipalities, Haparanda Municipality struggled with meeting legal requirements, avoiding staff overload, and managing limited resources in a rapidly changing environment.

"Compliance is not just about meeting requirements. It requires high efficiency, flexibility, and an integrated strategy that works for the entire organization," says Ali Ababneh, Information Security Strategist (CISO) at Haparanda Municipality.

To tackle these challenges, the municipality implemented a GRC strategy that combines governance, risk management, and compliance. Through strategic planning, departmental collaboration, and technical solutions such as the RISMA platform, the municipality has successfully implemented a large part of the NIS2 directive in just one year and built a security culture that permeates the entire organization.

Haparanda takes the lead with supplier audits

The structured GRC strategy has placed Haparanda Municipality among the first in Sweden to conduct systematic supplier audits – a requirement under the NIS2 directive. By working with a software platform, the municipality ensures that all suppliers meet security requirements, thus reducing risks in the supply chain.

"We’ve spoken to several municipalities, and none have thought of conducting supplier audits because they lack the tools, time, or resources. We may be the first municipality in Sweden to audit all our suppliers using RISMA," explains the Information Security Strategist.

The municipality’s cyber and information security efforts have not only prepared them to meet many of the NIS2 requirements but also contributed to a stronger security culture across the organization. By clearly delegating roles and responsibilities in the software, arranging workshops for employees at different knowledge levels, and creating a control environment, they’ve significantly increased their security level.

"RISMA has helped us create this work culture with their tools. Our high security level is a direct result of everyone in the organization working together, and having a well-functioning governance system," says Ali Ababneh.

A unified GRC strategy prepares Haparanda municipality for NIS2

By creating a structured and long-term GRC strategy, Haparanda Municipality has not only prepared for the new NIS2 requirements but also built a flexible and future-proof foundation for addressing other upcoming regulations.

"There are so many changes and laws coming in the future. Having a strategic software solution where all these aspects are interconnected makes it much easier to handle larger changes. It makes it easier to complement what we already have rather than starting from scratch," explains Ali Ababneh.

Many municipalities handle GDPR and information security in different ways – often as separate areas. However, Haparanda Municipality has chosen a more integrated strategy, which reduces complexity and saves resources. This approach shows that even smaller organizations can work efficiently, meet high security standards, and create a sustainable strategy for the future.

"RISMA has helped us do just that. The system gives me enough hands to manage the compliance work required in this municipality. With the right tools in place, we are now ready for continued success in adapting to upcoming regulatory challenges," concludes Ali Ababneh, Information Security Strategist (CISO) at Haparanda Municipality.
