Digital security concerns issues related to risk management, continuity management and preparedness, cybersecurity, information security and data protection. Within the framework of comprehensive security, the objective of digital security is to protect citizens, communities and society from risks and threats that may affect personal data and citizens' services, and the processes, services and data which society and authorities manage in a digitalised environment. At the same time, digital security enables the development and security of services that make use of both existing and new technologies in the 2020s.
The Ministry of Finance is responsible for the general principles of information policy, information management and e-services in public administration. To that end, the Ministry of Finance prepares the general principles and requirements for data security concerning the ICT infrastructure, digital services and data in public administration. It drafts and directs the implementation of digital security policies, provisions and development programmes, and sets up the necessary management groups and cooperation networks. The Ministry of Finance has set up a strategic management group for digital security in public administration for the balanced promotion of digitalisation and digital security.
The common starting points for digital security in public administration are Finland’s Cyber Security Strategy and its implementation, along with the information security and cyber security requirements defined for public administration in legislation. The Ministry of Finance is preparing a decision on digital security in public administration and an implementation plan that is intended to replace the 2009 Government Resolution on Enhancing Information Security in Central Government.
In accordance with the Act on the Provision of Digital Services (306/2019), each authority designs and maintains its digital services in such a way as to ensure their data security, data protection, findability and ease of use. The Act on Information Management in Public Administration (906/2019) describes the minimum requirements for information security in public administration. The key task of each information management unit is to manage data risks and to scale information security measures in accordance with risk assessments. On the basis of the Act on Information Management in Public Administration and the Government Decree on Security Classification of Documents in Central Government (1101/2019), information security recommendations were prepared under the leadership of the Ministry of Finance in 2019 for processing by the Information Management Board during 2020.