Data protection

Information security policy

We at GRK are committed to protecting information belonging to our customers, partners and personnel in accordance with the best security practices. The objective of the information security policy is to ensure operational continuity in all situations and throughout the entire value chain. The key principles of our information security policy are:

• Confidentiality: We protect sensitive information against unauthorized access
• Integrity: We ensure correctness and reliability of the information stored, processed and transmitted by GRK
• Availability: We make sure that information and services are available for authorized users when needed
• Compliance: We adhere to applicable legislation, directives, regulations and standards, such as GDPR, NIS2 and ISO 27001
• Continuous monitoring: Security of our environment is constantly monitored, and abnormal events are addressed immediately
• Continuous improvement: We evaluate and improve our information security procedures regularly, to keep pace with the emerging threats and evolution of technology.

We use modern technical solutions and processes and perform regular information security audits to ensure the security of our environment. Our personnel have been trained to recognize and deter information security threats. We are in close cooperation with our partners, to ensure that our entire delivery chain adheres to the same stringent security standards as GRK does.

This information security policy is approved by the Board of Directors of the parent company GRK Infra Oyj. Minor amendments to this policy are approved by the Group’s Director responsible for risk management.

More information regarding GRK information security arrangements can be obtained by contacting GRK IT management (tietoturva@grk.fi).