Recommendation on minimum requirements for information security

Read the recommendation (in Finnish): Suositus tietoturvallisuuden vähimmäisvaatimuksista (julkaisut.valtioneuvosto.fi)Opens in a new window.

The Act on Information Management in Public Administration (906/2019) lays down obligations relating to information security measures that apply to information management units and public authorities as well as to private individuals or corporations or to corporations subject to public law other than those serving as authorities insofar as they perform public administrative tasks.

This recommendation of the Information Management Board provides guidance on meeting the minimum information security requirements set in the Act on Information Management in Public Administration. Every organisation in public administration must meet these minimum requirements. As part of meeting these minimum requirements, organisations must identify and assess risks relating to data processing and take measures to mitigate risks to an acceptable level.

The recommendation is primarily intended for the information management units and public authorities defined in the Act on Information Management in Public Administration. Other organisations that process official documents may also find the recommendation useful.

Updated: 26/3/2026

Digitalise your service path

Enhance information management

Improve service quality

Protect your data

Open, share and utilise data

Enhance information management

Protect your data

Develop responsibly

Open, share and utilise data

Recommendation on minimum requirements for information security

Are you satisfied with the content on this page?