Digital sustainability

We secure people’s privacy in a safe and reliable digital environment

For us, in practice, digitalisation means e.g. more equal participation in society, a more equitable working life, a more flexible work culture, more resource-efficient operations and better productivity. With data, we can automate operations, deliver better services, and create new and innovative solutions.

We also understand the challenges that digitalisation and electronical operations may cause.  Cybersecurity is necessity for individuals, services and products. Thus, the reliability, data security and privacy of our ICT services and processes are even more important. We have over 2.8 million consumer, corporate and public administration organisation customers who we serve in Finland, Estonia and internationally. A profound understanding of our stakeholders’ needs is a prerequisite for developing our services to comply with their changing needs. 

Elisa's digital sustainability in brief

Material topics

  • Safeguarding reliable networks
  • Ensuring cyber security and privacy protection
  • Promoting ethical data management

Focus areas


KPIs

  • 100% of Elisa employees have completed annual data protection training (Finland and Estonia)
  • Cyber security in relation to cyber security index
  • Reducing the number of disturbances
  • Number of cyber security exercises with large corporate customers and authorities (new, 2022)

Governance bodies

Security and data protection (cyber security, data privacy, data request management):

  • Elisa Executive Board > Elisa Security Steering Group
  • Elisa Chief Security Officer
  • Elisa Chief Information Security Officer
  • Elisa Data Protection Officer
  • Elisa Estonia Data Protection Officer
  • Head of Privacy 
  • Chief Data Officer

Accessibility, network management, data analytics and automation:

  • Elisa Executive Board > Production 

Policies and guidelines

  • Elisa Code of Conduct
  • Elisa Personal Data Protection
  • Elisa Processing of Identification Data
  • Elisa Ethical Principles for Data and AI
  • elisa.com/dataprotection

Elisa's policies and guidelines

Employee awareness

  • Ongoing internal training for Elisa personnel in data privacy, cyber security, and accessibility
  • Internal cyber community, data protection ambassadors, accessibility working group


Cyber security and privacy protection

Our business is based on customer trust, service performance and data security. Services that use modern data and information about a person's identity require fair and sustainable data use.

In all our activities, we operate with a high level of data protection. Cyber security is a key component of our activities and the quality of our services. Our guiding principles are the development of a cyber security culture, transparency, clear communication, strong stakeholder cooperation, layered cyber security and continuous development.

The policies on cyber security and privacy are decided by the Elisa Security Steering Group, which also monitors the management of key security risks. The expert groups on data protection, cyber security and operational security are led by the security organisation, and their task is to develop our security activities on an ongoing basis and to put them into practice.

We perform regular audits in our own and our suppliers' environments. They are an integral part of the development of our cyber security capacity.

Our data centers are ISO 27001-certified in Finland and Estonia.

We aim to identify cyber attack attempts as early as possible and to correct identified vulnerabilities or other threats. There is a policy for managing cyber incidents and emergencies.

We provide information on cyber security measures in our services, for example on our website or through customer information. We also report any incidents to the authorities.

The data protection principles describe our practices regarding the processing of personal data, such as the purpose and means of processing, which we take into account, for example, when developing new services or updating existing ones. We also ensure the implementation of our data protection requirements through our supply chain in various ways together with our partners and vendors, such as through agreements, data protection and security audits, and joint security forums. 

We have automated our services so that our customers can easily exercise their right to access their personal data.

We offer our customers services in combating cyber risks and preparing for emergencies.

elisa.com/dataprotection

Services for corporate customers

Read more about cyber security (in Finnish)

Cyber security guidelines:

CERT-EU (Computer Emergency Response Team) has published guidance on Cybersecurity mitigation measures against critical threats

The Cybersecurity & Infrastructure Security Agency (CISA) has published "Shields Up" guidance for organisations  

Traficom National Cyber Security Centre’s  guidance on protecting user accounts using multi-factor authentication  

Collaboration and services to promote cyber security

Cyber risks link events affecting information systems and the physical world to new types of threats to the activities of citizens, businesses and society.

As a pioneer in cyber security in Finland, we already set up our internal CERT team in 2004, which has expanded to become the Cyber Security & Service Operations Center. In 2015, we launched the Elisa Cybersecurity Center for corporate customers, a service independent of operators and manufacturers.

As a provider of critical national infrastructure, we plan our services and implement our system paying thorough and careful consideration to continuity and security.

We promote cooperation and continuous improvement both through internal cyber exercises and in partnership with our customers and authorities. Cooperation with our customers, communities, public authorities and other businesses and business organisations is important in terms of preparation and cyber security.

We are all faced with everyday situations in which it is necessary to safeguard our own data and, for example, to ensure that family members can go online safely. We at Elisa are constantly working to ensure that the network we operate and the services we provide are safe to use. We also want to raise awareness of how you can improve your security and your security as a network and service user.

We provide our customers with services to handle cyber risks and prepare for exceptional situations.

Services for consumer customers

Services for corporate customers

Read more 


Safe and easy-to-use services for everyone

The safety, security, accessibility and ease of use of our inspirational services are the most important issues when developing the customer experience. 

Our aim is to design services based on the needs of our customers. We ensure excellence in customer encounters by regularly inviting our customers to meet our service designers and to test our current and future digital services. To meet the needs of our increasingly multicultural customers, we aim to develop our services in different languages and with clear and easy-to-understand language.

Online services are increasingly used with mobile devices. To ensure the best user experience, all Elisa's services are designed first for small screens, and after that, to be responsive on larger ones. 

We develop our services to become even more accessible through e.g. collaboration with stakeholders. We collect targeted feedback on continuous service development work, e.g. from senior citizens and people with visual impairments.

Opportunities and challenges from data and AI 

Data is at the core of our business and one of the key enablers of our mission. In addition to automation, machine learning and artificial intelligence offer tremendous opportunities for developing operating models, smart data and data usage, as well as services and service experiences.

We are also developing solutions utilising AI for our customers through our digital management applications, the Elisa IoT platform, the Elisa IndustrIQ platform and machine-to-machine interfaces. 

In order to learn, we are continuously implementing pilot projects where we study, for instance, opportunities to improve the user experience for our customers with AI-based applications and services. 

We have identified the inherent challenges of AI and introduced Elisa’s Ethical Principles for Data and Artificial Intelligence, which are used in both responsible and smart data usage and in the development of AI applications, as well as in training courses.  

Well-functioning society and safe services

Our task and important role in Finnish and Estonian society is to ensure comprehensive and reliable mobile and data communication connections and a securely functioning society. We comply with the universal service obligation defined in legislation in both Finland and Estonia.

Utilisation of digital services requires a reliable and ever-faster nationwide network. We measure the coverage and availability of our network with a population coverage indicator. In addition to that, we track an independent study of operators’ network coverage in Finland conducted by ECE Ltd.

Our investments in information networks in Finland and in Estonia enable operational reliability and speed improvements of digital services.

Construction of mast, base and broadcasting stations require municipal permits and good cooperation with municipal and private apartment buildings and landowners. We utilise sites shared with other industry operators for our base stations. More than half of our base stations are situated in shared sites.

Continuous scanning and analysing of our information networks enable our proactive approach in management of disturbances. Over 99% of incidents are prevented with automation.

Description of systems to provide unimpeded service during service interruptions

Elisa’s network is designed to be resilient, and our operations are based on the ITIL model (incident management process). In our operations, we focus on automation and proactively monitoring services. Elisa’s network design principles are based on optimal redundancy. This covers the use of alternative physical locations and routes, as well as redundancy in equipment. Redundancy is also implemented in utility services using e.g. generators and batteries. In Finland, the authorities set requirements for redundancy (TRAFICOM/54045/03.04.05.00/2020), and in addition to those requirements, our design principles also require the utilisation of redundancy to avoid major or business-critical incidents. 

Elisa’s network and services are built using equipment only from selected vendors, and all new systems and software are tested before deployment. The purpose of this testing is to verify compliance with the existing network infrastructure as well as the functionality of the equipment being tested. 

Elisa’s operations are both proactive and automated. The aim is to handle all incidents before they affect customer services. If an incident cannot be avoided, the recovery time is typically short thanks to automated recovery actions. 

To understand the customer experience, Elisa has a Cyber Security and Service Management Center (cSOC), which monitors service availability and the customer experience 24/7. Based on situational awareness, the cSOC is responsible for both internal and external incident communication and also acts as a centralised management function for recovery from major and business-critical incidents and escalation cases. 

Every incident in Elisa’s network is managed using a trouble ticket system. Incident-specific trouble tickets are populated with relevant information, such as the time and nature of the incident, any mitigation measures and information about the final resolution. This information is used in improving the process and other aspects that affect quality by analysis, classification and machine learning algorithms. 

At Elisa, we have a defined process for learning from successes and mistakes. Every incident meeting walks through predefined criteria, and the findings are formulated as improvement tasks for relevant stakeholders. The execution of these tasks is supervised by the Resolution Management function.

Using mobile networks is safe

We ensure the security and quality of our network and the mobile technology we use by operating our network ourselves, using automation solutions that we have developed. We also work closely with experts and operators in the field. We are an expert member of the Federation of Finnish Technology Industries advisory board on electromagnetic fields.

In Finland, the safety of mobile phone networks is monitored by the Radiation and Nuclear Safety Authority (STUK), whose decisions and regulations are based on scientific research findings. In Estonia, the authority is the Environmental Board of the Ministry of the Environment. Elisa constructs new base stations in accordance with regulations from the authorities and complies with laws and official regulations in all its operations. 

Elisa complies with all regulations from STUK and other authorities. All our new access points undergo a safety assessment to ensure that they are placed in a way that is safe for people and the environment.

Decisions made by the Finnish and Estonian authorities on the use of technology are based on the results of international academic research.

There are a number of international academic studies (both completed and ongoing) about the safety of radiofrequency radiation emitted by base stations and mobile phones. Based on the results of these studies, independent expert panels have concluded that, at present, there is no evidence that exposure1) below current maximum values would cause verified harmful health effects. The authority's decisions are based on the results of scientific research showing that base stations do not exceed the limit values for electromagnetic radiation.

The technology underlying 5G is not essentially different from earlier mobile technologies. The construction of 5G networks follows regulations from STUK. We carry out safety assessments for all new base stations.

Reliable information about the subject is available, for example, from these places:


1) The SAR (specific absorption rate), a measure of the absorption rate of a radiofrequency emission device, is used to measure the effect of a radio wave on the tissues of the head or body. Its unit is W/kg. The maximum SAR value for mobile phones of 2 W/kg was established by Decree 294/2002 of the Ministry of Social Affairs and Health. The limit value is well below the exposure level that has been found to have an adverse effect. Mobile phones have been tested at STUK since 2003, and other devices have been tested since 2013. The SAR values of the measured phones and terminals have varied between 0.2 and 1.4 W/kg. No equipment tested at STUK has had an SAR value that exceeded the limit value. For exposure from mobile phones to the head, tests are performed according to the requirements of the international IEC 62209-1 standard.