Go directly to contents.
Suomi.fi Data Exchange Layer

Information security

Design and implementation of the Service

The requirements of information security have been addressed in the design and provision of Suomi.fi Data Exchange Layer. The production environment of the service is secure, and any integrations and links to the service have been implemented in compliance with the applicable requirements.

The Digital and Population Data Services Agency uses a risk management technique to assess the need to meet information security requirements related to the services and the implementation of information security. In addition, the risks associated with the service are regularly monitored.
The design and provision of the service complies with the legislation on information security and data protection. For additional information on legislation, see the terms and conditions of use of the Data Exchange Layer.

Suomi.fi Data Exchange Layer Terms and Conditions of Use (PDF, 473.41 kB)Opens in a new window.

A privacy statement has been created on the processing of personal data in the Data Exchange Layer. The planning and implementation of the service takes into account the data security requirements that apply to the processing of personal data. The data security requirements are stricter than those required for security class IV. The production environment of the service meets the data security requirements for security class IV.

The Digital and Population Data Services Agency carries out regular performance tests. When changes are made to the service, the functionality of the changes and the data security of the service are tested in advance. Testing is also performed to verify the correctness of data combination and the disturbance-free operation of the service during the changes. The Digital and Population Data Services Agency has created a testing plan for the Suomi.fi services.

The service is audited by both the Digital and Population Data Services Agency and external parties.
The usability and reliability of the Service are regularly monitored from reports submitted by the Digital and Population Data Services Agency’s hosting services supplier.

Monitoring and disruptions

Normal and anticipated external disruptions and security threats have been taken into consideration in service design and implementation. Processes are in place for monitoring and incident management.

Updated: 15/10/2024

Are you satisfied with the content on this page?