Accredited information security inspection bodies | Traficom
Skip to main content
National Cyber Security Center
Report incidents
Report incidents
Report incidents

Accredited information security inspection bodies

We have listed the information security inspection bodies accredited by us below.

On this page

The accreditation of information security inspection bodies is based on the Act on Information Security Inspection Bodies. The area of competence covered by the accreditation specifies the types of information security assessments that the inspection body is authorised to carry out under Traficom’s accreditation, considering the security classification levels and the criteria to be used. 

The inspection body’s own information handling must meet the requirements at one security classification level higher than the level for which it has been accredited. The security of the inspection body’s own information handling environment is verified on the basis of the National Security Auditing Criteria (Katakri).
 

ISO/IEC 27001-accredited inspection bodies

Into Certification Oy (formerly Huld Certification Oy)
Business ID: 3203038-6
Address: Keilasatama 5, FI-02150 Espoo, Finland

Competence area: ISO/IEC 27001:2022 (decision issued 25 February 2025)
Level of the body's own information handling: Security classification level II


Nixu Certification Ltd
Business ID: 2623093-9
Address: Keilaranta 15, FI-02150 Espoo, Finland

Competence area: ISO/IEC 27001:2013 (decision issued 25 June 2019)
Level of the body's own information handling: Security classification level II


KPMG IT Certification Ltd
Business ID: 2469464-1
Address: PO Box 1037, FI-00531 Helsinki, Finland

Competence area: ISO/IEC 27001:2022 (decision issued 25 March 2026)
Level of the body's own information handling: Security classification level II


Kiwa Sertifiointi Oy (formerly Inspecta Sertifiointi Oy)
Business ID: 1065745-2
Address: Sörnäistenkatu 2, FI-00580 Helsinki, Finland

Competence area: ISO/IEC 27001:2013 (decision issued 10 March 2017)
Level of the body's own information handling: Security classification level III

 

Katakri 2020-accredited inspection bodies

Into Certification Oy (formerly Huld Certification Oy)
Business ID: 3203038-6
Address: Keilasatama 5, FI-02150 Espoo, Finland

Competence area: Katakri 2020, security classification levels IV and III (decision issued 25 February 2025)
Level of the body's own information handling: Security classification level II


KPMG IT Certification Ltd
Business ID: 2469464-1
Address: PO Box 1037, FI-00531 Helsinki, Finland

Competence area: Katakri 2020, security classification levels IV and III (decision issued 27 June 2022)
Level of the body's own information handling: Security classification level II

Extension of the competence area: Case-specific assessment of a cryptographic solution (Katakri 2020 TL IV) (decision issued 25 March 2026)


Nixu Certification Ltd
Business ID: 2623093-9
Address: Keilaranta 15, FI-02150 Espoo, Finland

Competence area: Katakri 2020, security classification levels IV and III (decision issued 8 July 2021)
Level of the body's own information handling: Security classification level II
 

 

An information security inspection body may carry out assessments of information systems and wellbeing applications in the healthcare and social welfare sector, provided that it has an approved and valid Katakri competence area.

In such cases, the inspection body may:

  • carry out assessments in accordance with the Act on the Processing of Client Data in Healthcare and Social Welfare (703/2023) and assess the compliance of the information system and wellbeing application with the essential information security requirements
  • carry out assessments in accordance with the Act on the Secondary Use of Health and Social Data (552/2019) and assess the information security of a secure operating environment

Accreditation of inspection bodies is based on the Act on Information Security Inspection Bodies.

Read the act (in Finnish)

1405/2011Valid from: 01/06/2012

Page was last updated