SokoPro is a data security forerunner in the software industry, as is evident by its data security certification. Security and customer-friendliness are integral parts of our products and service structure. Our servers are located in Europe.
Certified data security
Data security and responsibility
The role and importance of data security continues to grow among companies. In order to ensure the data security of its website and applications, SokoPro has been working together with Nixu Oy since 2012. Being granted the data security certificate is a major step for SokoPro’s business operations, as customers are also becoming increasingly aware of the importance of data security and different kinds of audits.
The Nixu Security Verified data security certificate
The certification covers the technical data security of the SokoPro system, along with its background processes and the related documentation. This way, we can ensure that the service is secure and that it is developed and maintained in a way which ensures a good level of data security even in the future. For the certification, the functions of the system were examined and technical break-in testing was carried out. In the future, the SokoPro project bank will also be examined annually as part of the certification programme.
– Grano has a very long history of working with customers who demand that we and our employees undergo various types of security audits related to print products. In terms of digital products, the number of certification schemes is constantly increasing,’ says SokoPro Development Manager Fernando Korpi from Grano.
Nixu, the largest information security consultancy in the Nordics, also engages in collaboration with the Government Information Security Management Board.
Gaining an information security certificate from this type of independent party requires passing an extremely demanding audit.
– Audits and reviews begin with the basics, such as password handling, related requirements and how passwords should be sent to new users. The information security work conducted as part of software development examines the service ‘under the hood’. It takes more than simple ‘band-aid’ fixes to pass the audit,’ says Korpi.
‘During the tendering process, companies almost inevitably send a range of questions to determine certain basics. Of course, customers also used to carry out audits before, but with the GDPR the practice has become more systematic. I consider the GDPR to be a good thing since it forces companies to give due consideration to data security and privacy protection,’ says Grano’s Information Management Director Petri Helin.
According to Helin, carrying out a network attack is fairly easy for someone well-versed in the subject, and various types of online attacks are carried out daily. This has made the old ways of thinking about data security obsolete.
‘The overview and objectives of data security are fairly clear, but the devil is in the details. What this means is that we have to adopt a different approach not only in terms of the technology, but in user training and teaching as well. The objective is to make sure that our data security is in order and that our customers can trust in us and our processes,’ Helin says.
SokoPro is the first document management solution certified by Nixu. Regardless of the field of operation, file management systems are crucial to all projects: if a system fails to work or becomes subject to a cyber attack, the effects can be significant even nationally. Without a good document management solution, the customers will not have access to the required documents, making cooperation with various parties more difficult, as well as preventing use of the digital tools necessary for the organisation. SokoPro also offers many services critical for document management, which must be available under any circumstances.
Nixu’s partner model allows SokoPro to concentrate on the development and digitisation of its own business operations, ensuring that data security is paid the necessary attention and does not cause any delays.
SokoPro data security
SokoPro is committed to producing safe cloud-based services to organisations around the world.
The connections used are protected with a reliable firewall solution, and all data communication is SSL encrypted. The SSL certificate is granted by DigiCert, Inc.
Data security audits
Regular data security checks and vulnerability management.
Virus and malware protection.
The best, secure practices.
Secure administration and software development practices.
Data security training.
Regular data security trainings for the administration staff.
54/2008M & PCI-DSS
The data centres used comply with the requirements of Regulation 54/2008M of the Finnish Communications Regulatory Authority and the PCI-DSS standard regarding the physical protection of premises.
The data centres used are located in Finland.
SokoPro has been working together with Nixu Oy since 2012. Data security is of the utmost importance in SokoPro’s product development.