Application for accreditation as an information security inspection body
Information security inspection bodies provide reliable and impartial information security assessment services for public authorities and businesses. Inspection bodies are accredited by the NCSC-FI, which also steers and supervises the bodies. Inspection body accreditation is subject to a fee. The service includes a list of Traficom-accredited inspection bodies operating in Finland.
Inspection bodies help promote private businesses’ information security
Private companies can use inspections conducted by accredited bodies to prove that their operations fulfil relevant information security requirements. This way, companies can prepare for international competitive bidding requiring security clearance from a competent security authority or prove to a national authority that their operations meet the required level of information security.
It is always the competent security authority that issues security clearances to companies and accredits information systems and telecommunications arrangements. However, the competent security authority can issue an accreditation based on an assessment carried out by an inspection body.
Inspection process
Information security inspections carried out by inspection bodies entail
- determining whether the operations of the entity in question meet information security requirements
- vetting the business premises of the entity in question.
Inspections are commissioned by the entity whose operations the inspection concerns. The evaluation criteria and target security level are determined in this context.
Inspections of public authorities’ information security
When conducting assessments regarding the security of their information systems, authorities may only use the services provided by the Finnish Transport and Communications Agency Traficom or an inspection body accredited by the Agency. The inspection procedure is governed by the Act on the Evaluation of Government Information Systems and Data Transfer Arrangements (1406/2011).