FICORA’s Information Security Management System certified

FICORA’s Information Security Management System (ISMS) bears the ISO/IEC 27001 Certificate. This certification covers all public-authority and support operations performed from FICORA’s Itämerenkatu office in Helsinki. The certificate was issued by Inspecta Sertifiointi Oy in October 2010.

FICORA’s Information Security Management System is a process-based operating model designed to

• develop,
• implement,
• monitor,
• review,
• maintain and
• improve FICORA’s internal information security.

The purpose of information security activities is to manage security risks and contain them at a level ensuring the continuity, efficacy and quality of FICORA’s primary operations.

The ISMS supports FICORA’s profit areas and units in achieving their respective aims, through the improvement of the following functions

• system management,
• monitoring and controls,
• compatibility,
• conformity with requirements,
• quality,
• predictability and
• reliability of operation.

The ISMS also ensures and secures the performance of FICORA’s statutory tasks and duties, and the related support processes.

The ISMS incorporates the following, for example

• information security policy and guidelines,
• management procedures describing the implementation of the management system,
• general organisation of information security,
• identification of areas requiring protection, and risk management,
• personnel security,
• physical security,
• security of data communications and user operations,
• security related to procurements, and
• management of information security deviations.

The system is implemented based on security mechanisms specified by FICORA.

Further information on the ISO/IEC 27001:2005 standard and certification is available at

http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=42103

http://www.inspecta.fi/sfs/sertifiointipalvelut/toiminnan_varmentaminen/tietoturvajarjestelmat.php?m=1193