The comprehensive security management model supports Traficom’s activities

“The coronavirus pandemic had a significant impact on the operation of our agency and the everyday lives of our personnel. We regularly produced an up-to-date situation picture of the transport and communication sectors. We also developed preparedness and continuity planning to ensure the continuity of the activities. The performance of our activities remained at a good level during the challenging year, and we also reached the goals of quality management,” Director of Security Jari Ylitalo sums up.

Along with the growth of e-services and digitalisation, the use of automated services is growing continuously. During 2020, the usage of our e-services increased heavily and the number of service transactions rose from 4.8 million in the previous year to more than 6.2 million. As a controller, we are responsible for ensuring that personal data are processed responsibly and in compliance with legal requirements in the course of the organisation’s activities. We have established a data protection network that shares and implements data protection expertise within the agency and supports the development of data protection in our agency.

Data management model is a tool for development and impact analysis

In accordance with the Act on Information Management in Public Administration, we drew up an information management model in 2020; it enables more effective communication both within the organisation and with external operators on what data are collected and how they move. We also use an operating model for development that emphasises the importance of data protection, information security and risk management in development activities. One of the most important principles of the model is the transparency of development.

The description of document publicity helps and guides our customers

During the year, we drew up a description of document publicity that gives an overall view of the information management of our agency as well as how and to what extent we gather and process data. The aim of the description is to help customers focus their information requests, identify the content of the information request and guide them in searching and using the data sets independently.

We also started drawing up the reference architecture for log management. Our aim is to ensure that we specify, produce and manage logs and log data in a consistent manner. In this way, we ensure that the logs are used in accordance with the regulations.

Information security must be taken into account in the everyday activities and decisions 

Our comprehensive security management model is based on comprehensive and developing risk management with the goal of anticipating, preventing and combating threats to our agency.

Security is the basis of our activities, which means that we review information security annually on many different levels and from different points of view. Our goal for 2020 was to strengthen the safety culture of the agency by increasing the safety awareness of the personnel and harmonising the information security practices. We are creating a positive safety culture that encourages our personnel to have a low threshold of reporting any security incidents they discover.

Data Balance Sheet for 2020 (External link) (in Finnish)