Information security
CSC follows a management-approved information security policy based on best security practices. The policy covers all our personnel, activities and relationships with customers and partners. Our information security policies and guidelines are also based on external security requirements, such as government and EU data protection standards and international security standards. CSC also has procedures for risk management and security management.
On this page, you will find a public summary of our security policy, which briefly describes the scope and implementation methods of the policy. For our customers, suppliers and partners, we can also provide more detailed data security guidelines.
Our personnel safety is based on the terms and conditions agreed in the employment contract, regular safety training for employees and avoiding dangerous work combinations. It also takes into account the personnel of our partners and stakeholders.
Our office security is based on the categorisation of premises into different security levels, and the protection measures that can be implemented based on that categorisation.
Our network security fundamentals include network classification, layering, contracts, vulnerability scanning, access management, malfunction detection and encryption solutions.
We take care of our equipment security through a range of data security requirements, access management, continuity planning, good maintenance practices and security guidelines.
We ensure the security of software and system development with internal guidelines to safeguard development work.
The basics of data security are the classification, storage and handling of data in accordance with government requirements and our internal guidelines.
We take care of our operational security through a wide range of daily activities. Examples include access management, ID and administrator ID management, classification, change management, capacity management, incident and problem management and management reviews.
Our access management is based on an internal guideline on how the best security practices can be applied in the CSC environment.
Our compliance management is based on the laws, treaties and regulations that affect us, as well as the standards and good practices we follow. For us, the most important security requirements are the ISO/IEC 27001:2013 Information Security Management System standard and the Finnish government’s Katakri tool.
Our security activities are regularly reviewed through internal and external audits and management reviews. Information security is monitored in various ways across all areas of security.