The Incomes Register Unit was issued an information security certificate


The Tax Administration's Incomes Register Unit was issued an information security certificate in accordance with the international standard ISO 27001. The certificate shows that the Incomes Register operates in a way that ensures the management of information security in a comprehensive manner.

The Incomes Register contains comprehensive income and personal data. At the moment, paid wages are reported to the Incomes Register and, in the future, pension and benefits income will also be reported. With the help of the information security management system, we can ensure the integrity and usability of the Incomes Register data and prevent any loss of data as well as prevent the data from falling into the wrong hands. The ISO 27001 standard considers security comprehensively from different perspectives.

Proactive measures to prevent data breaches

The Incomes Register is constantly being tested for vulnerabilities and the risks incurring from them are assessed.

'Unfortunately, data breaches are common and they evolve all the time. We at the Incomes Register are aware of this and do our best to detect and stop data breaches as efficiently as possible. Risks can be related to hardware, systems, or people. In the Incomes Register, a secure environment requires extensive information security. The data must be protected but, at the same time, it is used by many different authorities. We must be able to detect and block unauthorised attempts to use the Incomes Register data,' says Terhi Holmström, Director of Incomes Register Unit.

The entire personnel is committed to the secure way of working

The recognition the Incomes Register now received will standardise our information security procedures in the future as well. We will evaluate and develop our information security constantly to match the phenomena of the changing environment.

'We also wish to reduce administrative risks. The certificate requires an operating culture in which information security matters are evaluated thoroughly and action will be taken when problems are detected. One important factor is the training of the Incomes Register personnel, so that they are properly able to acknowledge and notice possible threats. The Incomes Register Unit must be able to respond to the changing threats and evolving phenomena related to information security,' Holmström says.

ISO 27001 is an international standard for information security (International Standard for Information Security Management Systems ISMS). The Tax Administration's Incomes Register Unit was issued the certificate corresponding to the standard on 22 August 2019.

Read more: KIWA's website