Infostar is a central registry for civil status data such as birth, marriage or death, which the federal government has made available since 2005, the Federal Court of Auditors (SFAO) announced on Monday. About 1,200 users in 142 civil registrations are connected to it.
A project to modernize Infostar with an investment volume of approximately CHF 23.7 million has been underway for four years and is expected to be completed in 2023. The SFAO has now investigated whether information security is still guaranteed when operating the current application.
She also checked whether the modernization project closes the security gaps and whether the cooperation works in tackling cyber attacks. The foundation has been laid thanks to the embedding in the infrastructure of the IT service center of the Federal Department of Justice and Police (ISC-FDJP).
The Infostar project has been in a difficult phase for several months now. The personnel changes are large and the project management is only filled on an interim basis. Those responsible are aware of the delicate situation and have taken immediate measures. Delays and cost overruns are foreseeable.
The SFAO abstained from making a recommendation, but called for greater integration of security and operations specialists into the new organization. The roles and responsibilities are defined in the ISC-EJPD, which is responsible for the implementation of the project, but benefit recipients should be better involved.
The security documentation is largely outdated. This may lead those responsible to underestimate the risks to which the solution is exposed. A risk analysis is necessary.
(SDA)