The Finnish government’s information security levels and ICT contingency planning

Various Finnish acts on information security set requirements for both the state administration and companies providing services to the government. These requirements pose a real challenge for compliance management.

Under the Finnish government's degree on information security in state administration (681/2010), all information processing by the state administration must meet the basic requirements for information security by 1 October 2013.

The national requirements for information security levels constitute a tool which helps different parties meet the requirements of national information security acts. The national requirements for ICT contingency planning, in turn, ensure that contingencies against basic level situations are in place. These requirements apply to the Finnish state administration and its internal and external service providers.

Nixu has piloted and provided definitions for the Finnish government's information security levels and ICT contingency planning requirements. We have performed information security level audits for the state administration, formulated operational plans for achieving desired security levels and provided advice regarding individual requirements. With regard to the private sector, we have incorporated the information security level requirements into our customers' compliance management systems.

Our approach:

  • Current state analysis: The organisation's maturity is evaluated through workshops by comparing its current state with the desired security level.
  • Operational plan: Nixu's experts arrange workshops during which a multi-stage plan for achieving the desired security level is formulated.
  • Advice at different stages of the operational plan: We will help you select the risk management methods best suited for your needs, build an information security management system, manage disruptions, plan contingencies for special situations and develop a Balanced Scorecard for information security. 
Nixu – an expert in government information security
  • Nixu has piloted and provided definitions for the Finnish government's information security levels and ICT contingency planning requirements.
  • Nixu has provided auditing and advisory services in collaboration with the Finnish State Treasury's Government IT Shared Service Centre.
  • Nixu's consultants have been trained by the Finnish State Treasury's Government IT Shared Service Centre.
 
How to meet the requirements of different Vahti guidelines

Information security management systems and software development are addressed by the Finnish Government's Vahti guidelines. How can you determine which requirements apply to your organisation and how can you meet them without inordinate costs? Thanks to our extensive knowledge of Vahti guidelines, we can make sure you will find the answers to these questions. 

Compliance for companies

How should a company providing services for the Finnish state administration address the national requirements for information security levels? We will help you incorporate these requirements as a part of your organisation's compliance management.

Security Information and Event Management (SIEM)

Operational view to status of information security.
Read more

Identity management (IdM)

The adoption of a functional IdM solution results in well-organised, secure and economical access management.
Read more

Information security awareness

Improve your information security efficiently by promoting information security awareness.
Read more