Article
Nitor has been awarded ISO/IEC 27001:2022 certification by Kiwa, a globally recognised certification body. The certification covers the company’s consulting services, managed services, internal operations, and its offices in Helsinki and Tampere.
The certification confirms that Nitor's information security management system meets the latest international standard for information security management and related governance practices. The audit was conducted and the certificate issued by Kiwa, whose independent assessments are trusted by organisations across Europe and beyond.
"This is a major milestone for us," says Erkki Pulliainen, CIO at Nitor.
"It reflects years of solid security practices and focused work over the past two years. Certification provides a concrete promise to our customers that information security is built into everything we do at Nitor and that our information security management meets the highest international standards. This is especially important now that AI is reshaping the security landscape."
Digital services are built on trust
As a digital consultancy, Nitor's impact is realised through the products, services and platforms it builds together with its clients in the AI era. Information security, responsible AI use, and accessibility are built into how Nitor designs and delivers those services – not as compliance requirements, but as part of everyday engineering.
Nitor's information security policies and management system ensure that personal data and sensitive information are handled responsibly and securely in the solutions Nitor helps build. These policies apply to all of Nitor's own operations in Finland and to the solutions it develops and delivers to customers. They cover the end users of those digital products and services.
Compliance is becoming a competitive differentiator
The timing reflects a broader market shift. Regulation across the Nordic IT sector is tightening rapidly. Frameworks and legislation such as NIS2, DORA, the Cybersecurity Act, the EU AI Act, and the European Accessibility Act are raising expectations for how digital services are built, operated and governed.
"Our customers' requirements have changed and so has the regulatory landscape," says Jens Krogell, CEO of Nitor.
"Organisations are looking for IT partners who can demonstrate that security is embedded across the whole organisation, not handled case by case. This certification is increasingly the baseline expectation, and we wanted to meet it comprehensively across all our services and both our offices."
Early capability investment in compliance is becoming a direct procurement advantage. Nitor's certification positions it to serve demanding customers in regulated industries, including financial services, critical infrastructure and the public sector.
ISO/IEC 27001 certification formalises practices that have long been part of Nitor's way of working. It gives customers independent assurance that information security is managed systematically across the whole company.
