Information security policy
FICORA's information security management must be at a level that ensures the achievement of the goals related to the confidentiality, integrity and availability of information, fulfils the requirements on FICORA as an authority, increases the trust in FICORA as a cooperation partner, and promotes the achievement of FICORA's goals in other ways. Therefore, FICORA has an information security management system which is a management system supporting goals that are in accordance with the information security policy.
FICORA has a certificate, which is in accordance with the ISO/IEC 27001:2013 standard, for its information security management system.Inspecta Sertifiointi Oy awarded the certificate to FICORA first in October 2010, and again in October 2013 and September 2016. At the moment, the certificate covers FICORA's regulatory and support activities in Helsinki with the exception of the duties of the National Communications Security Authority (NCSA-FI), the assessment of authorities' information systems, and the accreditation of inspection bodies related to information security.
The requirements on FICORA's information security are transferred, as applicable, to the suppliers in the agreements on purchased services. The personnel of the supplier must comply with FICORA's information security guidelines.
As a rule, information security incidents against FICORA are reported to the police for investigation.
FICORA's information security policy [pdf, 179 KB]