Enfo’s Care and Data Platforms business granted an ISO 27001 information security certificate
Enfo’s Care and Data Platforms business has been ISO 27001 certified. Information security management throughout the business area meets the requirements of the standard. The certification reflects Enfo’s strong investment in digital responsibility. For customers, this means that information security is in good hands at all stages of service production.
ISO 27001 is an information security management standard that defines the framework conditions for the preparation, development, implementation and maintenance of information security management systems. The standard consists of 14 domains containing 35 control categories and 114 information security controls. In order to obtain the certificate, the company must pass controls on all activities and services covered by the certification.
Enfo’s data centers achieved ISO 27001 certification in 2015. Now the certification has expanded to cover the Care & Data Platforms’ support functions as well as the following lines of service: Cloud, Platforms, End user services and Business services in Kuopio, Espoo, Lahti and Tampere.
“Last year we set out to strengthen the level of security and continuity of our data centers, and we were granted the significant Katakri 2020 certificate as a proof of good security management and physical security. However, we provide services also outside data centers. The ISO 27001 certification demonstrates also the high level of security and continuity of our other services and operations,” says Altti Heinonen, Director, Security & Governance at Enfo.
Responsibility in line with the strategy
Responsibility, cybersecurity and digital trust are central to Enfo’s strategy. For a long time, Enfo has been working systematically to develop information security, and the information security management was renewed in 2019. Even then, information security management was implemented throughout the Care and Data Platforms business in accordance with the ISO 27001 standard. The recently obtained certificate is the result of this work.
“Centralized security management has enabled the transition from certification of data centers to certification of all business operations. The number of services within the scope of certification increased significantly, and the number of personnel covered by the certification increased to nearly 300 people, covering our entire IT service business. Information security management expanded to apply to all our partners,” explains Enfo’s Nina Annila, EVP, Care & Data Platforms Finland.
The certificate is of great importance to Enfo’s customers, many of whom operate under the ISO 27001 framework and require the same from their service providers. The certification issued for the business indicates a good level of information security. The customer can trust that information security has been taken into account at all stages of service production, including subcontractors.
ISO 27001 was established by the International Organization for Standardization (ISO), which develops and publishes international standards. The audit for the certification was carried out by Inspecta Sertifiointi Oy (Kiwa).