Information Security and Privacy Statement

Information Security and Privacy Statement

Edita Prima operates in a business environment where trustworthiness and reliability in processing clients´ information are highly business-critical success factors. Due to that, information is the most valuable asset for the company’s business.

Information security and privacy are integral parts of the company’s sustainability management, risk management, and business continuity management.

The company’s Management Team and the entire organization are committed to continually improving information security and privacy. The company is committed to meeting all information security requirements and its business objectives. The Chief Information Security Officer (CISO), the Data Protection Officer (DPO), and the Information Security Team support the Management Team in these tasks.

This statement is in line with and derived from Edita Prima’s Information Security and Privacy policy. Information Security and Privacy policy together with topic-specific policies describe the principles and objectives of administrative, technical, and other practices.

Information security and privacy leadership and management practices in the Edita Prima have been thoroughly described in the company's Information Security Management System (ISMS) documentation. The company’s ISMS is based on the international standard ISO/IEC 27001. The Management Team utilizes the ISMS to:

  • manage the entity of information security and privacy

  • execute objective setting and planning processes

  • implement necessary security controls based on risk management results

  • monitor adequacy and efficiency of implemented security controls

  • ensure continual improvement of security controls

All information owned or managed by the company is handled according to the classification and handling instructions of the information owner. Personal data, however, is processed according to valid EU and national privacy legislation. The company processes personal data in the roles of a processor and a controller. Personal data processing is described and informed to relevant parties e.g. to data subjects.

Every Edita Prima employee must be aware of the company's information security and privacy policies and instructions, including special features and needs in her/his own responsibility area, and commit to complying with them.

For further information, please contact Edita Prima’s Information Security Team via e-mail: information.security@edita.fi.

(This Information Security and Privacy Statement is approved by the Edita Prima Oy:n Management Team on 16.02.2022)