Today’s organisations are constantly faced with new security threats and vulnerabilities. In addition, the operating environments are constantly changing. Managing this and responding to changing threats in a timely manner requires systematic security practices and continuous improvement and monitoring.
Cybersecurity has also become a hot topic in many organisations with the EU Network and Information Security Directive (NIS2) coming into force in autumn 2024. This directive sets cybersecurity requirements, especially for companies and operators operating in the critical infrastructure of society. A security certificate is a clear way to demonstrate to customers and stakeholders that a company is committed to proactively managing and protecting information and assets, as required by the NIS2 Directive.
Critical infrastructure owners set precise security requirements for their supply chain and clearly defined policies for managing security risks. As a certified vendor with a management system, Mipro continuously maintains its own security posture and is able to meet the security requirements of its customers with high quality.
Mipro’s journey towards ISO/IEC 27001:2022 started years ago, as the information security management system has been developed at Mipro since 2020. Formal work towards ISO 27001 certification started in September 2022 with the development of a requirements matrix. During the following year, the organisation’s implementation of the standard’s requirements was assessed and the missing security controls required by the standard were designed and implemented. In autumn 2023, a pre-audit was carried out, which found that the organisation’s information security management model was at a level that would allow certification. In January 2024, the accredited assessment body DNV audited Mipro’s information security management system and concluded that Mipro had managed information security to the standard.
In our business activities for rail safety systems and water and energy supply systems, we are connected to major critical infrastructure structures in society, making cybersecurity a key issue also from the perspective of overall national security. Increased cyber and hybrid vulnerabilities in the current global environment place new demands on our ability to identify, prevent and counter cyber threats. Risk management is an important tool for preparedness and continuity management, enabling an organisation to respond in a controlled manner to the core functions of crisis resilience, especially in terms of securing vital societal functions.
ISO 27001 is the best-known international standard for information security. The certification demonstrates that Mipro’s information security management system meets industry best practices for identifying, implementing and improving information security in its operating environment in an ever-changing digital environment. The certified management system enables the management of information security from multiple perspectives. The governance model is used to control and develop all information-related activities within the organisation. Whether data is digital or physical, devices, people or services, threats range from external attacks to equipment failures and errors, or threats to data from individual employees.
As a company operating in a safety critical industry, recognising information security as part of overall safety, and addressing it in a concrete way in a changing environment, has been an important area of operational development for Mipro. We have been a systematic pioneer in many areas of safety in Finland for decades, so the recognition of our security performance by an external evaluator shows that we have invested in the right things. ISO 27001 certification enables us to demonstrate the systematic implementation of continuous information security in all our operations.
This in turn strengthens our position as a leading player in our field in Finland and increases our commitment to developing our operations in a more customer-oriented and secure direction.