The institution assesses the current security posture and defines an institutional cybersecurity strategy and governance model.

Social security administrations become critical infrastructure (CI) and critical information infrastructures (CII), and therefore they require a robust cybersecurity posture. In general, CI is defined as those sectors, services, and assets that are vital for society’s well-functioning and resilience. At the same time, CII is the ICT systems that are CI for themselves or essential for the operation of a CI.