New information security acts in Bosnia and Herzegovina

Interest for compliance audit related to Bosnia and Herzegovina Data protection law and Sensitive data protection law is raised in Q4 2017. Ministry of communication and transport provided guidelines on general security controls for state level institutions based on ISO 27001. standards.

Information security policy 2017-2022 for Bosnia and Herzegovina institutions (based on ISO27001 standard and NIST frameworks) is adopted and provides goals and activities for information security governance, control and audit (Offical gazette of Bosnia and Herzegovina 38/17). 

Policy suggest process based aproach for ISMS and GRC implementations, including basic policies and guidelines for ISMS implementations.

Sensitive data protection law (Offical gazette of Bosnia and Herzegovina 54/05 and 12/09) is also raised interest in information security system implementations and general IT controls audits.