Quality management system (General)

​

What is it?
An international standard for quality management systems.

​

Who is it for?
All companies for whom a quality management system is important or required by customers.

​

Why is it needed?
It brings credibility, helps attract larger clients, and is often a requirement when working with major clients.

Information Security Management System

What is it?
A standard for managing information security and risk management.

Who is it for?
Companies that handle personal data or significant volumes of information.

Why is it needed?
It is a customer requirement especially in critical industries, and it helps with responding to security queries.

National Security Audit Criteria (KATAKRI)

What is it?
Finland’s national security standard.

Who is it for?
Suppliers to government agencies and operators in security-critical sectors.

Why is it needed?
Often a requirement in requests for tenders and a prerequisite for handling classified information.

Security Audit Criteria for Cloud Services (PiTuKri)

​

What is it?

A standard for the security of cloud services.

​

Who is it for?

Suppliers to government agencies and companies providing cloud services.

​

Why is it needed?

A requirement in requests for tenders involving the handling of classified information in cloud environments.

Information Security for the U.S. Market

What is it?
A U.S. information security standard comparable to ISO 27001.

Who is it for?
Technology companies operating in the U.S. market.

Why is it needed?
Helps demonstrate the reliability of information security and meet customer requirements in the U.S.

Information Security Management System

What is it?
A standard for managing information security and risk management.

Who is it for?
Organizations that handle personal data or significant volumes of information.

Why is it needed?
A common customer requirement, especially in critical industries, and a valuable asset in responding to security questionnaires.

Environmental Management System

What is it?
A standard for managing and reporting environmental impacts.

Who is it for?
Companies whose operations have an environmental impact or who want to emphasize their commitment to sustainability.

Why is it needed?
A customer requirement, an environmental permit condition, or a marketing advantage.

Occupational Health and Safety Management System

What is it?
A standard for managing occupational health and safety and preventing risks.

Who is it for?
Companies whose employees work in challenging environments.

Why is it needed?
Helps meet legal requirements and improves workplace safety.

Quality Management System for Medical Devices and Software

​

What is it?
A quality management standard specifically designed for medical devices and related software.

Who is it for?
Suppliers of medical devices and their components.

Why is it needed?
It is a prerequisite for obtaining CE marking in Europe and FDA approval in the United States.

Risk Management for Medical Devices

What is it?
A standard for risk management related to medical devices.

Who is it for?
Suppliers of medical devices and their components.

Why is it needed?
It is a mandatory part of the ISO 13485 quality system and helps model the safety risks associated with the use of the device.

Cybersecurity in Industrial Environments

What is it?
A standard for managing cybersecurity in industrial systems and automation.

Who is it for?
Suppliers of industrial components.

Why is it needed?
To meet legal requirements in Europe and to enhance cybersecurity.

Product Cybersecurity for Medical Devices

What is it?
A standard for managing cybersecurity risks in medical devices and related software.

Who is it for?
Suppliers of medical devices and their components.

Why is it needed?
Helps identify and model cybersecurity risks and supports compliance with industry requirements.

Act on the Processing of Social and Healthcare Client Documents

​

What is it?
A Finnish law regulating the security and handling of data in social and healthcare information systems 

Who is it for?
Suppliers of social and healthcare information systems.

Why is it needed?
It is a prerequisite for connecting to Kanta Services and for entering the Finnish market with social and healthcare software 

Cybersecurity and Certification for Social and Healthcare Information Systems

​

What is it?
Requirements issued by the Finnish Institute for Health and Welfare (THL) for social and healthcare information systems.

Who is it for?
Suppliers of social and healthcare IT systems.

Why is it needed?
Mandatory for connecting to Kanta Services and for entering the Finnish market with healthcare software

Quality Management System for Automotive Components

​

What is it?
A quality management system standard for the automotive industry.

Who is it for?
Suppliers of automotive components.

Why is it needed?
It is a requirement set by automotive manufacturers and a prerequisite for operating in the industry.

Software Development in the Automotive Industry

What is it?
A standard for software development in the automotive sector.

Who is it for?
Suppliers of automotive components.

Why is it needed?
It is a requirement set by car manufacturers for delivering embedded software.

Cybersecurity in the Automotive Industry

What is it?
An international standard for managing cybersecurity risks in road vehicles

Who is it for?
Suppliers and manufacturers of automotive components and systems 

Why is it needed?
Helps meet legal requirements in Europe (e.g. UNECE WP.29) and is increasingly required by car manufacturers

Cybersecurity in Railway Systems

What is it?
A standard for managing cybersecurity in railway applications.

Who is it for?
Suppliers of railway components and systems.

Why is it needed?
Supports compliance with European regulatory requirements and helps manage cybersecurity risks in rail transport environments

Cybersecurity in Railway Systems

What is it?
A standard for managing cybersecurity in railway applications.

Who is it for?
Suppliers of railway components and systems.

Why is it needed?
Supports compliance with European regulatory requirements and helps manage cybersecurity risks in rail transport environments

Cybersecurity in Railway Systems

What is it?
A standard for managing cybersecurity in railway applications.

Who is it for?
Suppliers of railway components and systems.

Why is it needed?
Supports compliance with European regulatory requirements and helps manage cybersecurity risks in rail transport environments