When confidential information is transferred outside physically protected areas, the information should primarily be transmitted electronically over a network, protected with encryption products approved by the authority.
If this method is not used:
- confidential information must be transported on electronic media protected with encryption products approved by the authority (such as USB memory sticks, CDs, hard drives), or
- in other cases, in accordance with the authority's instructions.
In addition, for classification level III, the following measures must be implemented:
- the organization has identified requirements and established procedures for transferring specially protected information assets (such as encryption keys)
- the material is packaged in a resealable double envelope or equivalent; the outer envelope must not contain any indication of the classification level nor otherwise reveal that it contains confidential material (envelopes or equivalent must be opaque)
- the material is delivered domestically either as a registered letter based on separate approval from the authority or in accordance with courier procedures approved by the authority for the relevant classification level; delivery abroad by post is only permitted based on separate approval from the authority
- only approved and security-cleared personnel are involved in the organization's internal mail handling chain.
Requirements related to international classified information must be confirmed on a case-by-case basis with the Finnish Security Intelligence Service or the Defence Command.
