Information Security and Privacy Statement

Information Security and Privacy Statement

Edita Prima operates in a business environment where trustworthiness and reliability in processing clients´ information are highly business critical success factors. Due to that, information is the most valuable asset for the company’s business.

Information security and privacy are integral parts of the company’s sustainability management, risk management and business continuity management.

The company’s Management Team is committed to continually improve information security and privacy and thus supporting the entire organization in achieving its business objectives. The Chief Information Security Officer (CISO), the Data Protection Officer (DPO) and the Information Security Team support the Management Team in these tasks.

This statement is in line with and derived from the Edita Prima’s Information Security and Privacy policy. Information Security and Privacy policy together with topic-specific policies describe the principles and objectives into administrative, technical and other practices.

Information security and privacy leadership and management practices in the Edita Prima are thoroughly described in the company's Information Security Management System (ISMS) documentation. Company’s ISMS is based on the international standard ISO/IEC 27001. The Management Team utilizes the ISMS to:

  • manage the entity of information security and privacy

  • execute objective setting and planning processes

  • implement necessary security controls based on risk management results

  • monitor adequacy and efficiency of implemented security controls

  • ensure continual improvement of security controls

All information owned or managed by the company is handled according to classification and handling instructions of the information owner. Personal data, however, is processed according to valid EU and national privacy legislation. The company processes personal data in roles of a processor and a controller. Personal data processing is described and informed to relevant parties e.g. to data subjects.

Every Edita Prima employee must be aware of the company's information security and privacy policies and instructions, including special features and needs in her/his own responsibility area, and commit to comply with them.

For further information, please contact Edita Prima’s Information Security Team via e-mail: information.security@edita.fi.