Information security

On this page you can read about Ilmarinen's information security.

Information security

Ilmarinen has a special responsibility to manage statutory earnings-related pension cover and related pension assets and for the information security of the data processed in its operations.

The information security policy is an insight into the goals, principles and implementation of information security, approved by Ilmarinen’s management. Ilmarinen’s management is committed to implementing information security.

At Ilmarinen, information security includes both information security and data protection. Information security means that the data required for the operations is accurate and up to date and that the data is only available to authorised users during pre-determined service hours. Data protection means protecting the privacy of Ilmarinen’s customers, employees and stakeholders when processing personal data.

Based on the information security policy, Ilmarinen maintains information security guidelines and rules that have been aligned with other internal guidelines in place at Ilmarinen. Everyone working at Ilmarinen has the obligation to participate in information security training and understand information security practices and abide by the given instructions in his or her own tasks.

Ilmarinen’s information security organisation takes care of coordinating and steering information security. Ilmarinen’s management receives regular reports on information security.

Information security lays the foundation for all our products and services, and it is an integral part of the functionality and data architecture of our information systems. Security management in Ilmarinen’s operations is comprehensive.

Requirements for the information systems’ security are always established beforehand when the systems are designed. In our operations, we process all information securely and as required by legislation. We systematically develop and verify our information security.

We ensure information security without needlessly restricting the functioning or openness of the production of services, customer service and information processing.

By processing data responsibly, we secure the trust of our customers and other stakeholders towards Ilmarinen.

Integrity

Our operations are based on sound data. In our operations, we ensure the correctness, quality and non-repudiation of the data we process and the processing methods. We have protected our information from unauthorised or accidental modification or removal.

Confidentiality

We protect data reliably and we respect insurance secrecy.
Confidential information may only be processed by those who require the information for their job. We reliably identify the users of information and systems.

Accessibility

Our information is available whenever it is needed. We ensure that the information we process and our Services based thereon can be used by authorised persons in a timely manner.

Continuity

We retain our ability to function in all circumstances. We continuously monitor and assess information security risks. In order to ensure continuity, we focus especially on the prevention of problems and risks. We are prepared to take appropriate actions and to recover quickly from exceptional situations.

We process personal data carefully and systematically. We ensure our customers’ privacy and act responsibly in any processing of personal data. We disclose information on the processing of personal data and our customers’ rights openly and clearly.

We abide by all of the obligations laid down in data protection legislation and good data processing practices when processing personal data. The legislation governing the pension insurance sector and the codes of conduct applicable in our sector set higher-than-usual standards for our operations, and we are committed to meeting them.

Informativeness

We inform customers about the processing of personal data openly and clearly in the privacy statement and in connection with the provision of services. The privacy statement also informs customers about their rights to their data.

Necessity

We only process necessary data. Personal data is only collected and processed for specific and legal purposes. You can read about personal data processing in Ilmarinen’s data protection document.

Quality

We ensure the quality of the data. Ilmarinen has in place adequate measures for ensuring the quality and accuracy of the data. When processing data, only appropriate and reliable sources are used.

Information security

We protect data efficiently. Information security is ensured using the necessary technical and administrative means. Ilmarinen also ensures the protection and appropriate processing of data on the part of every person processing personal data who participates in the production of services.

Responsibility

The importance of data protection is reflected in Ilmarinen’s operations. We respect insurance secrecy and process confidential information in the manner required by legislation. We ensure the protection of privacy when processing personal data.