Using facts to combat insecurity: How VG Neumarkt systematically strengthens IT security with LocateRisk

Digitalization and cyber security go hand in hand in public administration - especially when it comes to protecting sensitive citizen data. With LocateRisk, the Verwaltungsgemeinschaft (VG) Neumarkt i.d.OPf. is focusing on transparency, control and the targeted further development of its security structures.

Initial situation: Responsibility meets reality

The security situation in the municipal environment is tense. Administrations are repeatedly targeted by cyber attacks - a development that significantly increases the pressure to act. VG Neumarkt is meeting this challenge with a clear awareness of its responsibility to protect sensitive data. Confidentiality, availability and integrity of the managed data are not just technical requirements, but a fundamental promise of trust. "Every citizen basically assumes that their data is in safe hands with the administration - and it is precisely this trust that we want to live up to," says the administrative community.

Measurability as the key to the ability to act

The decision to use LocateRisk was based on the desire to objectively identify and process IT risks in a structured manner. The platform continuously provides up-to-date, automated security assessments of the externally visible IT infrastructure. The insights gained serve as a basis for qualified decisions - both in the internal implementation of measures and in dialog with service providers.

A specific case underlines the effect: after the change of web host, the security values deteriorated drastically. "The service provider was uncooperative - we terminated the contract and looked for a new provider based on the analysis reports," explains VG Neumarkt. The decision was made on the basis of test scans, which were discussed together with LocateRisk. "This allowed us to choose the service provider that provided the best quality work."

A parameter for reliable risk management

The assessment results from LocateRisk are now an integral part of the administration's risk management. They support the exchange with service providers, progress monitoring and the regular assessment of the security level. "If the score is critical, we derive specific measures from it - and make the requirements for the service provider clear."

"We don't have to analyze every vulnerability down to the last detail - we have our IT partners for that. The decisive factor is that we recognize the need for action and can check the implementation," says Rudolf Ehrensberger, Information Security Officer at VG Neumarkt. The platform thus provides a continuous basis for management, control and traceability.

Evaluating service providers - with figures instead of opinions

One key result: LocateRisk can be used to objectively assess the quality of service providers. Rudolf Ehrensberger makes it clear: "We had cases where poor work only became visible through the analysis values - without this data, we would not have noticed it." The score-based evaluation enables VG Neumarkt to realistically assess IT service providers, analyze their response to reports and shape the collaboration accordingly.

"Today, I can see directly whether a service provider understands my business - and whether they are implementing the recommendations for action. That's real added value for us."
- Rudolf Ehrensberger, Information Security Officer, VG Neumarkt

Communication with management and auditors: clarity instead of complexity

Another advantage is the communication with top management. The management report provides a comprehensible presentation of the most important key figures and developments. It makes it clear how IT security performance has changed over time and creates a sound basis for discussion for decisions at management level.

The report is also regularly used in external audits - as documented proof of active, structured information security management. In this way, continuous improvement is made visible and firmly anchored.

Conclusion: More safety through visibility

With LocateRisk, VG Neumarkt has established an effective tool that measurably advances the continuous development of its IT security. The platform helps to identify potential threats at an early stage, implement targeted measures and noticeably improve preventive protection.
LocateRisk is firmly anchored in security management both in day-to-day business and at a strategic level - and has proven to be a valuable support in successful collaboration with internal and external stakeholders.
VG Neumarkt shows how fact-based transparency leads to better decisions, greater certainty of action and lasting trust.

"Without the scans, we would have to rely on assumptions. Today, we have a clear overview - and can react to facts."
- Rudolf Ehrensberger, Information Security Officer, VG Neumarkt

---