Incomes Register Unit's information security certificate

The Tax Administration’s Incomes Register Unit was given an information security certificate in accordance with the international ISO/IEC 27001:2022 standard.

The Incomes Register Unit is responsible for the operation of two registers, the Incomes Register and the Positive credit register. With a certified data security management system, we ensure that the information contained in the registers remains confidential, intact and accessible.

We ensure that information is not lost, for example, or fall into the wrong hands. The ISO/IEC 27001 standard looks at information security from various perspectives. In total, the standard contains more than 100 requirements and controls covering security from data encryption to physical security.

The certification is an indication that information security aspects are taken into account in all work processes throughout the Incomes Register Unit.

The certification is audited every three years. Between the audits, compliance with the information security practices is monitored both internally and by an auditor.

A new audit was carried out at the Incomes Register Unit in spring 2025, after which the unit was granted a new certificate on 4 June 2025. The certificate is valid until 22 August 2028.

The certificate was granted to the Incomes Register Unit for the first time back on 22 August 2019. In October 2024, the unit’s second register, the Positive credit register, was also included within the scope of the certification. The Incomes Register Unit has held a data security certificate for an uninterrupted period since August 2019.

Check out our registers

Information on the Positive credit register

• What is the Positive credit register
• Frequently asked questions about the Positive credit register
• Protect your data

Information on the Incomes Register

• What is the Incomes Register
• See also the instructions how to use our services safely