Data protection and information security
The purpose of high-quality data protection and information security management is to ensure the secure, legal processing of all of Pihlajalinna’s data, particularly patient and personal data, as well as the protection of the privacy of patients, customers and the company’s personnel. Pihlajalinna is committed to complying with the ISO 27001 standard, which supports the implementation of information security and data protection. The Group’s information security principles are described in Pihlajalinna’s data protection and information security policy, which includes data protection and information security as an integral part of all operations. Developing and maintaining data protection and information security is part of the Group’s security activities, risk management and internal control. Information security and data protection management ensure the confidentiality, integrity and availability of data.
Data protection and information security are also an important part of Pihlajalinna’s ISO 9001-certified quality management system. Pihlajalinna’s principles, guidelines and policies concerning information security are reviewed and updated regularly, at least once a year. Information security and data protection training is mandatory for all personnel and must be renewed once a year. This ensures that Pihlajalinna’s information security policies are implemented and put into practice. In addition, Pihlajalinna regularly distributes information security instructions to its personnel.
Data protection and information security are managed and monitored by the CEO of Pihlajalinna. The CEO decides the development goals, organisation, resources and operating authorisations of the various sections of overall safety and security. The person in charge of data protection is the Chief Medical Officer, who appoints the company’s data protection officers. The Chief Information Officer is the manager responsible for information security and appoints the Chief Information Security Officer and the Information Security Manager.