Audit gives green light to the data security of Findata's operating environment

Audit gives green light to the data security of Findata's operating environment

The remote operating environment for researchers by the Health and Social Data Permit Authority Findata has passed its data security audit. The data security of Findata's operating environment was assessed in March and April 2021.

– This audit demonstrates that the Findata operating environment meets the requirements of the Secondary Use Act. This environment handles highly sensitive data, such as people’s health data, and so the data security of the operating environment must be of the highest level, explains Findata Head of ICT Heikki Lanu

Findata grants data permits for the secondary use of data in the social and health care sector, and the data is primarily disclosed within the Findata operating environment. Data permits may be granted for the purposes laid down in the Secondary Use Act, which include scientific research, statistics, teaching, and official planning and investigation tasks. 

Findata's operating environment is a Private Cloud solution produced by CSC and based on the highly secure ePouta platform, which is designed for processing sensitive data. 

Researchers who have been granted a data permit by Findata have their own separate workspace in the operating environment, and this is accessed via the remote desktop. 

Findata compiles the research material, processes it according to the permit conditions (anonymisation or pseudonymisation) and exports it to the folder viewable in the workspace. The workspace also has basic tools for analyzing the data and space for analyzing the results. Each workspace can only be accessed by researchers who have a research permit which gives them the right to do so. 

 – We faced strict requirements from both the Secondary Use Act and Findata, and the timetable set by law was tight. We have nevertheless succeeded in working closely with Findata to provide researchers with a functional and secure platform for handling sensitive research data, concludes Development Manager Miikka Kallberg from CSC.

The Findata operating environment was audited by Nixu Certification Oy.

Heikki Lanu
Head of ICT
telephone 029 524 7174

Miikka Kallberg
Development Manager
CSC – IT Center for Science
mobile 040 551 7521