Information security

Design and implementation of the service

The requirements of information security have been addressed in the design and provision of the Suomi.fi Web Service. The production environment of the service is secure, and any integrations and links to the service have been implemented in compliance with the applicable requirements.

The Digital and Population Data Services Agency uses a risk management technique to assess the need to meet information security requirements related to the services and the implementation of information security. In addition, the risks associated with the service are regularly monitored.

The design and provision of the service complies with the legislation on information security and data protection. The planning and implementation of the service takes into account the data security requirements that apply to the processing of personal data. The data security requirements are stricter than those required for protection level IV.

The production environment of the service meets the data security requirements for protection level IV, and pertinent parts of it meet the security requirements for protection level III.

The Digital and Population Data Services Agency carries out regular performance tests. When changes are made to the service, the functionality of the changes and the data security of the service are tested in advance. Testing is also performed to verify the correctness of data combination and the disturbance-free operation of the service during the changes. The Digital and Population Data Services Agency has created a testing plan for the Suomi.fi services.

The service is audited by both the Digital and Population Data Services Agency and external parties.

The usability and reliability of the Service are regularly monitored with reports submitted by the Digital and Population Data Services Agency’s hosting services supplier.