Finnpark Oy’s data security policy

Finnpark Oy’s success is based on strong expertise and the efficient utilisation of relevant knowledge and information. All of this hinges on the availability of information and its safe distribution within the company and among its customers and partners. In order to enable safe information exchange, all parties involved must adhere to certain operating principles.

Many pieces of legislation require data security to be maintained. These include the following:

• Personal Data Act
• Act on the Protection of Privacy in Electronic Communications
• Act on the Protection of Privacy in Working Life

This data security policy describes the operating principles that are observed by Finnpark Oy to ensure data security. The policy has been approved by the management of Finnpark Oy, and it applies to the entire Finnpark Group, including its own proprietary information as well as information disclosed to it by customers and partners. The data security policy is reviewed on a regular basis and renewed as necessary.

Data security refers to ensuring the confidentiality, integrity and availability of information. Confidentiality means that the information is only accessible to those who are authorised to use it. Integrity ensures that the information is protected against inadvertent or intentional changes that compromise its confidentiality. Availability means that the information is available when it is needed.

Data security is not tied to the format of the information. Information can be equally confidential regardless of whether it is presented as a document, in a database, on paper or verbally. 
Data security as a concept comprises technical solutions and particular operating principles. Ultimately, the efficacy of even the strongest technical protection depends on adherence to agreed principles. Therefore, the entire staff of Finnpark Oy carries the responsibility for ensuring data security. Each employee must be aware of its significance and follow the principles of the data security policy as well as all rules and regulations derived therefrom.

At Finnpark Oy, a separately appointed person is in charge of data security matters. This person is responsible for promoting data security within the company and ensuring the functionality and development of the arrangements required by data security.

Finnpark Oy’s data security policies are based on a management model accordant with the ISO 27001 data security standard. Its core is formed by the identification and management of data security risks. These risks are mapped systematically, and efforts are made to identify them in advance. Action plans are prepared in case of significant data security risks in order to eliminate these risks or minimise their effects

A procedure has been established for the processing of discrepancies and risks related to data security. It involves monitoring, reporting and escalating any data security events as well as taking the necessary remedial and preventive measures.

As necessary, Finnpark Oy also engages in cooperation with various authorities in order to identify data security risks and resolve problems.