Foreign Ministry’s information security awarded with certification
The information security and risk management practices of the Ministry for Foreign Affairs have been assessed from the perspective of leadership, information systems, everyday work, documentation and continuous development for the purposes of ISO 27001 certification.Foreign Ministry’s information security awarded with certification on 28. october. CEO Maija Vanttaja, Inspecta Sertifiointi Oy (left) and State Secretary Matti Anttonen.
“The Ministry for Foreign Affairs has been developing its information security management system already for several years. Now it was time to have an accredited certification body to assess and approve the results of our development work,” Chief Information Security Officer Antti Savolainen says.
ISO/IEC 27001:2013, recognised as the leading information security standard, governs processes related to information security management. The standard sets out requirements related to administrative solutions and includes a comprehensive set of technical procedures for managing information security risks, among other things.
Part of good governance
Kiwa Inspecta, which carried out the audit, checked during the certification process that the Ministry's information security management system meets the requirements set out in ISO 27001. The comprehensive audit examined the Ministry's information security and risk management practices from the perspective of leadership, information systems, everyday work, documentation and continuous development, for example.
“The certificate helps maintain high-quality information security management practices, ensures good administrative practice, and promotes openness of public administration in a traditionally closed area of operation. The certificate shows our partners that the Ministry for Foreign Affairs invests in information security and is a reliable partner,” State Secretary Matti Anttonen says.
The information security management system of the Ministry for Foreign Affairs also covers Finnish embassies abroad. In the first phase, however, the certification was limited to cover only Finland-based operations in Helsinki and Kouvola. In the future, the certification will be extended to cover embassies as well.
As further work, Kiwa Inspecta will audit the development and compliance of the Ministry's information security functions in 2021–2022. The purpose is to verify that the Ministry is committed to continuously developing its information security.
Ari Uusikartano, Chief Information Officer, +358 29 535 0526