Ficolo achieved ISO27001 certification. The audit was done by Kiwa Inspecta.

The certificate covers Ficolo data centers The Rock in Pori and The Deck in Tampere as well solutions for producing cloud delivery services – in practice all services of Ficolo from these data centers.

The information security ISO27001 certificate verifies that Ficolo information security management system is implemented in accordance with best practices and meets all the demands set by the standard. Our customers receive certified services which have been proven by an external party.

The importance of a security management system is that it is also a continuous development process, states Ficolo’s Senior Business Process Developer Jarmo Harno, who is responsible for the certification process at Ficolo. The follow up audits will ensure that the development is an continuous process in all sections of information security, not only that everything is put in place for the first audit. This process has given us a good framework for security trainings for staff, internal audits and developed a schedule for them for coming years, describes Harno.

The auditors recognized that information security and its management is well identified inside the organization and built-in in daily work.  The commitment and leadership of top management is obvious. Continuity management is well planned and impressive, praised the Kiwa auditors.  Responsibilities related to monitoring were also clearly defined and the communication plan for customers in disruptions was well thought out. Throughout the certification process were identified good improvement targets as the basis for continuous development.

Customers expect their partners certified evidence that management and process are secure. The audit verifies that information security forms the basis of Ficolo services.

An ISO27001 information security management system is a systematic and pro-active approach to effectively managing risks to the security of your company’s confidential information.
The system promotes efficient management of sensitive corporate information, highlighting vulnerabilities to ensure it is adequately protected against potential threats. It encompasses people, processes and IT systems.