Compliance and certification

Joonatan Henriksson

Joonatan Henriksson

Head of Digital Business

Whether you are building a space station or a digital platform, you might need to show that you have considered the associated cybersecurity risks well beforehand, and acted to mitigate them. Our certification services help you prove this.

Together, Nixu Corporation and its independent subsidiary Nixu Certification Ltd. provide a wide variety of information security and privacy services.

Our experienced consultants have real-life experience in challenging information security management and technical auditing tasks, so in addition to a cost-effective audit, we can support the fixing of the possible findings.

We also work with many local and global organizations in designing the industry auditing requirements. We for example participate in the EU-SEC program for developing a framework for cloud security.

Our ever-increasing variety of security assessments ranges from country specific criteria to standards based on ISO/IEC audits and cloud, payment systems, identity assurance and car systems assessments, including, but not limited to:

  • Certification of electronic identification and trust services (eIDAS)
  • ISO/IEC 27001
  • ISO/IEC 27017 (Cloud security)
  • ISO/IEC 27018 (Personal Information security) standards
  • KATAKRI
  • Mirrorlink car system
  • PCI DSS Onsite Assessment     
  • PCI PA-DSS Services
  • PCI 3DS 

 

Need help with certification?

Visit Nixu Certification Ltd. to learn more

Services

Privacy Support

Our privacy support service offers privacy specialists to run your privacy program development. It will be tailored according to your organization's needs. Privacy support covers scheduled tasks, ad-hoc questions and crisis management. Continuous privacy support offers expertise at hand for everyday privacy issue, robust support at a crisis situation and expertly managed annual privacy program. A nominated privacy specialist will head the service, backed up by a multi-skilled team of cybersecurity, technology, IAM and legal experts. The service typically includes specialist ad-hoc advice for your DPOs, a team ready to assist in data breach cases and development of your privacy management capabilities.

Read more

PCI DSS Onsite Assessment

PCI DSS Onsite Assessment is the assessment service for all parties that store, process or transmit cardholder data. We have experience in assessing different organization types such as large retail chains, small cafés, global service providers, payment gateways, airlines and banks. We don’t only assess, but help the customer in achieving and maintaining compliance as well.

The service is designed to be effective and cause minimal disruptions to the organization’s day-to-day operations. The assessment is divided into phases: Scoping, Documentation Review, Technical Tests and Site Visits, Interview and Observation sessions, Reporting and Closeout meeting. Each phase is carefully designed to guarantee a successful assessment with minimal disruptions.

The Finnish government’s information security levels

The national requirements for information security levels constitute a tool which helps different parties meet the requirements of national information security acts. These requirements apply to the Finnish state administration and its service providers.

Nixu has piloted and provided definitions for the Finnish government's information security levels and ICT contingency planning requirements. We have performed information security level audits for the state administration and formulated operational plans for achieving desired security. With regard to the private sector, we have incorporated the information security level requirements into our customers' compliance management systems.

PCI PA-DSS Services

PA-DSS services are intended for all vendors that develop payment applications. We can help in preparing for the validation, in remediating the non-conformities and in performing the actual validation. The PA-DSS validation service results in a validated payment application that is listed on PCI Security Standards Council’s web page. In addition, we provide a PA-DSS Preparation service that includes training, gap-analysis and a roadmap for achieving the validation. We also provide ongoing support as part of the Nixu Catalyst compliance management and support service.

DPIA - Data Protection Impact Assessment

Conducting a DPIA supported by Nixu ensures a reliable, verified process with input from multi-skilled team of technical and legal privacy experts. The process goes beyond the mere identification of risks and includes suitable mitigation measures for your organization. Nixu's method is comprised of use case and process workshops with technical and legal points covered. We draft data flow maps to bring clarity to the processing activities, conduct a full assessment of risk with all expertise areas covered and produce a comprehensive DPIA report. The DPIA results will be methodically reported including a specific description of processing with additional data flow maps, an expert assessment of the necessity and proportionality of processing, a full and compliant assessment of risk to individuals and legal, technical and organizational measures to address the risk. DPIA report will deliver you the proof of compliance required for authorities and organizational partners.

DPO as a Service

Nixu’s Data Protection Officer (DPO) as a Service ensures your organization’s designated DPO has extensive legal, technical and managerial privacy expertise. Your tailored DPO will be accessed through one main contact backed up by a multi-skilled team, guaranteeing availability also during holiday seasons and yearly flu epidemics. The DPO will handle and coordinate expert non-operative GDPR tasks such as contact with authorities, privacy training, DPIA specialist advice, reviews of accountability documentation and managing of data breaches. This specialist service stays up to date with privacy legislation and ensures you have the right items on your organization's privacy steering group.


 

Read more

Collaborator security audit

The Collaborator Security Audit Service provides customers possibility to verify that security status of their partners and collaborators does not create unacceptable risks, the contractual requirements for security are followed and that the processes and security governance of collaborators is sound and according to industry best practices. Nixu auditor will identify business critical assets, which are exposed to collaborators, and either verifies that contractually agreed security controls are protecting these assets or that the assets are protected based on industry best practices.

PCI Preparation

PCI Preparation service is the initial step to PCI compliance. We train customer’s key personnel to understand PCI and its requirements. We focus on minimizing the customer’s PCI environment so that compliance can be achieved more cost effectively. The most important outcome of the service is a roadmap that contains clear tasks to be performed in order to become compliant. For each task, a cost estimate is provided and responsibilities defined. The roadmap can be further refined to become a project plan.

The next step after the PCI Preparation phase is usually remediation phase. We support this phase, and help ensure that compliance can be maintained also after the assessment.

  • White paper: GDPR and reporting obligation in data security breach
  • Joonatan Henriksson

    Joonatan Henriksson

    Head of Digital Business

Related blogs