Go directly to contents.
Suomi.fi e-Authorizations

Information security

Design and implementation of the Service

The requirements of information security have been addressed in the design and provision of the Suomi.fi e-Authorizations. The production environment of the service is secure and any integrations and links to the service have been implemented in compliance with the applicable requirements.

The Digital and Population Data Services Agency uses a risk management technique to assess the need to meet information security requirements related to the services and the implementation of information security. In addition, the risks associated with the service are regularly monitored.

The legislation on information security and data protection has been complied with in the design and provision of the service. A privacy statement has been created on the processing of personal data. The planning and implementation of the service takes into account the data security requirements that apply to the processing of personal data.

The Digital and Population Data Services Agency’s data security certificate is in accordance with the ISO/IEC 27001:13 standard. The production environment of Suomi.fi e-Authorizations has been audited with regard to information security in accordance with this standard.

Read more about the Digital and Population Data Services Agency's certificates at dvv.fi.

The Digital and Population Data Services Agency carries out regular performance tests. When changes are made to the service, the functionality of the changes and the data security of the service are tested in advance. Testing is also performed to verify the correctness of data combination and the disturbance-free operation of the service during the changes. The Digital and Population Data Services Agency has created a testing plan for the Suomi.fi services.

The service is audited by both the Digital and Population Data Services Agency and external parties.

The usability and reliability of the service are monitored by means of automatic monitoring.

Monitoring and disruptions

Normal and anticipated external disruptions and security threats have been taken into consideration in service design and implementation. Processes are in place for monitoring and incident management.

Updated: 14/10/2024

Are you satisfied with the content on this page?