Accreditation of inspection bodies is based on the Act on Information Security Inspection Bodies.
1405/2011
Valid from: 01/06/2012
Information security inspection bodies provide reliable and impartial information security assessment services for public authorities and businesses. Inspection bodies are accredited by the NCSC-FI, which also steers and supervises the bodies. Inspection body accreditation is subject to a fee. The service includes a list of Traficom-accredited inspection bodies operating in Finland.
Private companies can use inspections conducted by accredited bodies to prove that their operations fulfil relevant information security requirements. This way, companies can prepare for international competitive bidding requiring security clearance from a competent security authority or prove to a national authority that their operations meet the required level of information security.
It is always the competent security authority that issues security clearances to companies and accredits information systems and telecommunications arrangements. However, the competent security authority can issue an accreditation based on an assessment carried out by an inspection body.
Information security inspections carried out by inspection bodies entail
Inspections are commissioned by the entity whose operations the inspection concerns. The evaluation criteria and target security level are determined in this context.
When conducting assessments regarding the security of their information systems, authorities may only use the services provided by the Finnish Transport and Communications Agency Traficom or an inspection body accredited by the Agency. The inspection procedure is governed by the Act on the Evaluation of Government Information Systems and Data Transfer Arrangements (1406/2011).