Large companies in particular are meticulous about data security matters when inviting tenders from service providers. The EU’s new General Data Protection Regulation (GDPR), which was approved in 2016 and is scheduled to enter into effect in May 2018, has only further increased companies’ interest in data security and privacy protection.
“During the tendering process, companies almost inevitably send a range of questions to determine certain basics. Of course, customers also used to carry out audits before, but with the GDPR the practice has become more systematic. I consider the GDPR to be a good thing since it forces companies to give due consideration to data security and privacy protection,” says Grano’s Information Management Director Petri Helin.
According to Helin, carrying out a network attack is fairly easy for someone well-versed in the subject, and various types of online attacks are carried out daily. This has made the old ways of thinking about data security obsolete.
“The overview and objectives of data security are fairly clear, but the devil is in the details. What this means is that we have to adopt a different approach not only in terms of the technology, but user training and teaching as well. The objective is to make sure that our data security is in order and that our customers can trust in us and our processes,” Helin says.
SokoPro provides certified information security
Grano’s SokoPro is the first Finnish project bank to be granted cyber security company Nixu Corporation’s information security certificate. The two companies have been working together in information security matters for several years now.
The role and importance of data security continue to grow among companies. In order to ensure the data security of its website and applications, Grano has been working together with Nixu since 2012. Being granted the Nixu Security Verified information security certificate is a major step for Grano’s business operations, as customers are also becoming increasingly aware of the importance of data security and different kinds of audits.
“Grano has a very long history of working with customers who demand that we and our employees undergo various types of security audits related to print products. In terms of digital products, the number of certification schemes is constantly increasing,” says Development Manager Fernando Korpi from Grano.
Nixu Corporation, the largest information security consultancy in the Nordics, also engages in collaboration with VAHTI, the Government Information Security Management Board. Gaining an information security certificate from this type of independent party requires passing an extremely demanding audit.
“Audits and reviews begin with the basics, such as password handling, related requirements and how passwords should be sent to new users. The information security work conducted as part of software development examines the service ‘under the hood’. It takes more than simple ‘band-aid’ fixes to pass the audit,” says Korpi.