Various Finnish acts on information security set requirements for both the state administration and companies providing services to the government. These requirements pose a real challenge for compliance management.
Under the Finnish government's degree on information security in state administration (681/2010), all information processing by the state administration must meet the basic requirements for information security by 1 October 2013.
The national requirements for information security levels constitute a tool which helps different parties meet the requirements of national information security acts. The national requirements for ICT contingency planning, in turn, ensure that contingencies against basic level situations are in place. These requirements apply to the Finnish state administration and its internal and external service providers.
Nixu has piloted and provided definitions for the Finnish government's information security levels and ICT contingency planning requirements. We have performed information security level audits for the state administration, formulated operational plans for achieving desired security levels and provided advice regarding individual requirements. With regard to the private sector, we have incorporated the information security level requirements into our customers' compliance management systems.
- Current state analysis: The organisation's maturity is evaluated through workshops by comparing its current state with the desired security level.
- Operational plan: Nixu's experts arrange workshops during which a multi-stage plan for achieving the desired security level is formulated.
- Advice at different stages of the operational plan: We will help you select the risk management methods best suited for your needs, build an information security management system, manage disruptions, plan contingencies for special situations and develop a Balanced Scorecard for information security.