Vertia's Information Security Policy

1. Goal

Vertia’s information security team ensures the smooth operation and security of Vertia’s information systems.

Information security refers to the secure handling of all data, regardless of its format. Information security involves ensuring the confidentiality, integrity, and availability of data.

Vertia’s business operations require that its information systems function smoothly and securely. To ensure this, information security is actively monitored, and any deviations are addressed promptly in accordance with predefined procedures.

Information security is implemented and developed using risk-appropriate, cost-effective solutions. Operations take into account agreements with employees, customers, and partners, as well as privacy protection and other legal requirements. Information security measures are used to manage the risks associated with adopting new operating methods and technologies.

Customer and other personal data are used only for purposes permitted by contracts and the law, and are accessible only to those who need them for their work.

2. Responsibilities and Organization

The business unit is responsible for defining information security requirements for information systems and for ensuring adequate resources for information security. The information security team is responsible for developing business continuity plans for processes critical to the business. These plans are maintained, tested, and practiced regularly to ensure they remain up to date.

The information security team ensures that information security risks are identified and assessed, and that the necessary measures are implemented to keep information security up to date. It is also responsible for ensuring that the business complies with laws and other external regulations, for providing information security guidance, for defining general information security requirements, and for overseeing technical information security. Information security solutions are implemented using up-to-date technologies, with particular attention to user experience and usability.

It is the responsibility of all members of the information security team to ensure that employees are aware of information security issues so that they can recognize security threats and respond appropriately when they encounter them.

All employees are required to familiarize themselves with and comply with the provided guidelines, as well as to report any information security threats or risks they identify. As part of its normal operations, the information security team is responsible for monitoring employees’ compliance with information security guidelines and, if necessary, addressing any actions that violate information security policies and guidelines.

3. Information Security Policies

Risk Assessment

Information security risks are assessed and analyzed based on their impact on business operations. The assessment must be conducted during the specification phase of new systems and in connection with significant changes that affect the criticality of operations.

Centralized User Rights Management

The aim is that the administrators of each system, together with the information security team, define the principles for granting access rights. Access rights for external users are managed centrally.

Classification and Processing of Data

Vertia uses a data security classification method that defines how data is classified and how data in different categories is handled.

Processing of Personal Data

The processing of personal data via remote connections is prohibited without specific procedures in place. Exceptions must be approved by the information security team and may be implemented in accordance with separately agreed-upon methods.

Cybersecurity Training

Every Vertia employee participates in information security training or reviews the information security guidelines.

Supervision and Monitoring

Improving and maintaining information security requires systematic and continuous monitoring of information systems. Those responsible for monitoring are bound by a duty of confidentiality regarding the information they handle in the course of their work. They are required to sign a confidentiality agreement, whether they are employed by Vertia or a third party.

The information security situation is reported as part of normal internal monitoring. Technical information security is continuously assessed.

Handling of Security Incidents

Vertia has effective procedures and tools in place to detect information security incidents. In addition, it has contingency plans in place and conducts regular drills.

4. Monitoring of Service Providers

Suppliers must agree to comply with the data protection requirements set by Vertia, which are outlined in the data protection addendum to the service agreements.

5. Data Breaches

Any action that violates the information security policy or guidelines is considered an information security breach. Information security is monitored in accordance with best practices for oversight.

6. Communication with Staff and Partners

Both an internal and a public version of the information security policy will be published. The internal version will be communicated to all staff. The public version will be published in Finnish on Vertia’s website and shared with partners.

7. Approval and Adoption of the Information Security Policy

This policy takes effect immediately.

Helsinki, May 14, 2018