Certification services

Certification by DNV to international or national standards demonstrates your commitment to continual improvement and sustainable business performance. This achievement is more than a ticket-to-trade. Communicating your commitment in the market can help build stakeholder trust and brand confidence.

Nixu Certification Oy is a legal entity owned by DNV AS, trading under the brand names DNV and DNV Cyber. It is an official independent Information Security Inspection Body, accredited by the Finnish National Cyber Security Centre (NCSC-FI) and FINAS Finnish Accreditation Service. Learn more about the requirements of the official information security inspection body.

Our experts have real-life experience in challenging information security management and technical auditing tasks, and they will be there to help you throughout the journey.

We provide a variety of security and privacy assessments that range from country specific criteria to global standards. We also work with many local and global organizations in designing the industry auditing requirements.

We offer broad categories of services: 

Dedicated certification services in Finland

Industry-specific certifications

Service provider and supplier certifications

Information Security Management System (ISMS) certifications

Dedicated certification services in Finland

Finnish national security audits

If your organization processes governmental classified information in Finland, it is a requirement that you meet the security criteria assessed in national security audits. As a result of the audit, you may be issued a certificate as proof of compliance.

The criteria include Katakri (National Security Auditing Criteria), PiTuKri (Criteria to Assess the Information Security of Cloud Services), and Julkri Guidelines by the Government Information Security Management Board. 

Identification services certifications

Service providers of electronic identification, authentication, and trust services are regulated by the EU regulation of electronic Identification, Authentication and trust Services (eIDAS). Strong identification and trust services enable users to safely conduct business online such as fund transfers and transactions with public services.

Our information security inspection body is approved by the Finnish Transport and Communications Agency and can provide you with electronic identification and trust service assessments in Finland.

Product security certifications

As a manufacturer, it is a significant benefit for your business if you can tell your potential customers that the development of your products and services has been carried out securely. To officially prove this, we can conduct a product security certification audit.

The Cybersecurity Label has been created by the National Cyber Security Centre Finland (NCSC-FI) at the Finnish Transport and Communications Agency Traficom to help consumers make secure choices. The label shows that the product or service meets the information security requirements set by NCSC-FI. For non-consumer products related to national security, we can help assess products such as secure gateways and cryptography solutions before they are approved by NCSC-FI.

Healthcare certifications

Owners and/or developers of healthcare data systems that are intended for processing client and patient records must conform to multiple requirements set by regulators. The following systems are typically audited: pharmacy systems, Kanta services, client data transfer services, prescription systems, social services client information systems, and healthcare patient information systems.

After a successful security assessment, our auditors can provide you with the required certification.

Industry-specific certifications: Payments and healthcare

Payment Card Industry (PCI) assessments and validations

PCI assessment services help you to become compliant with industry requirements for protecting payment card data. They are essential for every organization which stores, processes, transmits, or can affect the security of cardholder data. Also, if your company develops software for the payment card industry, then PCI SSF is the security standard that you should follow.

We are accredited to perform assessments and validations against a broad catalog of standards, such as PCI DSS, PA-DSS, PCI SSF, and PCI 3DS.

Service provider and supplier certifications

Cloud security certifications

As organizations move to the cloud, traditional on-premise audits become obsolete. In cloud transformation, you need to ensure that the selected cloud service provider and its cloud environment meet your security requirements. When you need help assessing your cloud solution’s security, we can use specific cloud criteria to perform the audit.

Supplier audits

Suppliers play a crucial role in organizations’ risk posture and should, therefore, be periodically monitored. Monitoring requires internal resources and specific skills that could be utilized for other purposes as well. Outsourcing supplier audits guarantees that suppliers are periodically monitored and saves internal resources for other tasks. We are approved by Microsoft to perform Supplier Security and Privacy Assurance (SSPA) assessments for Microsoft’s suppliers that are working with personal and/or confidential data. We also perform regular and one-time supplier audits on behalf of our customers based on mutually agreed criteria. 

How to survive a Katakri Subdivision I audit

Make sure that you document everything and have the necessary processes in place.

We map your supply chain for risks, improve your governance and risk management, and develop a supply chain cybersecurity implementation plan. We support you with incident response to help control and limit damage.

We take a practical approach to keeping you compliant. We share our regulatory knowledge so you stay ahead of developments in your industry and geography.

DNV Cyber talks your industry’s language. We safeguard critical infrastructure industries, with specialist IT and OT teams in multiple domains offering regulatory, technical, and commercial knowledge in your sector.