Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Encryption of user password information

Critical
High
Normal
Low

We use strong encryption during password transmission and storage in all services we develop.

Connected other frameworks and requirements:
9.4.2: Secure log-on procedures
ISO 27001
10.1.1: Policy on the use of cryptographic controls
ISO 27001
14.1.3: Protecting application services transactions
ISO 27001
14.2.5: Secure system engineering principles
ISO 27001
8.5: Secure authentication
ISO 27001

Encryption of public network traffic for application services

Critical
High
Normal
Low

Information included in application services transmitted over public networks must be protected against fraudulent and non-contractual activity and against unauthorized disclosure and alteration.

We use strong encryption and security protocols (eg TLS, IPSEC, SSH) to protect confidential information when it is transmitted over public networks in connection with the IT services we develop.

Connected other frameworks and requirements:
13.2.3: Electronic messaging
ISO 27001
14.1.2: Securing application services on public networks
ISO 27001
14.1.3: Protecting application services transactions
ISO 27001
14.2.5: Secure system engineering principles
ISO 27001
PR.DS-2: Data-in-transit
NIST CSF

Security rules for the development and acquisition of data systems

Critical
High
Normal
Low

Whenever new data systems are acquired or developed, pre-defined security rules are followed, taking into account the priority of the system. The rules ensure that adequate measures are taken to ensure the security of the data and data processing in the system.

Connected other frameworks and requirements:
I13: Ohjelmistoilla toteutettavat pääsynhallintatoteutukset
4 luku, 13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
14.1.1: Information security requirements analysis and specification
ISO 27001
14.1.2: Securing application services on public networks
ISO 27001
14.2.5: Secure system engineering principles
ISO 27001
No items found.