Digital sustainability

We secure people’s privacy in a safe and reliable digital environment

For us, in practice, digitalisation means, for example, more equal participation in society, a more equitable working life, a more flexible work culture, more resource-efficient operations and better productivity. With data we can automate operations, deliver better services, and create new and innovative solutions.

We also understand the challenges that digitalisation and electronical operations may cause.  Cybersecurity is necessity for individuals, services and products. Thus reliability, data security and privacy of our ICT services and processes are even more important. We have over 2.8 million consumer, corporate and public administration organisation customers who we serve in Finland, Estonia and internationally. A profound understanding of our stakeholders’ needs is a prerequisite for developing our services to comply with their changing needs. 

Elisa's digital sustainability in brief

Material topics

    We secure people’s privacy in a safe and reliable digital environment

    • Safeguarding reliable networks
    • Ensuring cyber security and privacy protection
    • Promoting ethical data management

    • 100% of Elisa employees have completed the annual data protection training (Finland and Estonia)
    • Cyber security in relation to cyber security index
    • Reducing the number of disturbances
    • Number of cyber security exercises with large corporate customers and authorities (new, 2022)

    Risk Management

    Policies and Guidelines

    Governance bodies

    Security and data protection (cyber security, data privacy, data request management):

  • Elisa Executive Board > Elisa Security Steering Group
  • Elisa Chief Security Officer (CSO)
  • Elisa Chief Information Security Officer (CISO)
  • Elisa Data Protection Officer (DPO)
  • Elisa Estonia Data Protection Officer (DPO)
  • Head of Privacy 
  • Chief Data Officer
  • Accessibility, network management, data analytics and automation:

    • Elisa Executive Board > Production 

    Employee awareness

    • Ongoing internal trainings for Elisa personnel in data privacy, cyber security, and accessibility. 
    • Internal cyber community, data protection ambassadors, accessibility working group. 

    Focus areas

    Cyber security and protection of privacy

    Our business is based on customer trust, service performance and data security. Services that use modern data and information about a person's identity require fair and sustainable data use.

    In all our activities, we are working with a high level of data protection. Cyber security is a key component of our activities and the quality of our services. Our guiding principles are the development of a cyber security culture, transparency, clear communication, strong stakeholder cooperation, cyber security layering and continuous development.

    The policies on cyber security and privacy are decided by the Elisa Security Steering Group which also monitors the management of key security risks. The expert groups on data protection, cyber security and operational security are led by the security organisation and their task is to develop our security activities on an ongoing basis and to put them into practice.

    We perform regular audits in our own and supplier environment. They are an integral part of the development of our cyber security capacity.

    Our data centers are ISO 27001 certified in Finland and Estonia.

    We aim to identify cyber attack attempts as early as possible and to correct identified vulnerabilities or other threats. There is a policy for managing cyber disorders and emergencies.

    We provide information on cyber security measures in our services, for example on our website or through customer information. We also report any incidents to the authorities.

    The data protection principles describe the practices regarding the processing of personal data, such as purposes and means of the processing, which we take into account, for example, when developing new services or updating any existing ones. We also ensure the implementation of our data protection requirements through our supply chain in various ways together with our partners and vendors, such as through agreements, data protection and security audits and joint security forums. 

    We have automated our services so that our customers can easily exercise right of access their personal data.

    We offer our customers services in combating cyber risks and preparing for emergencies.

    Services for corporate customers

    Read more about cyber security (in Finnish)

    Cyber security guidelines:

    CERT-EU (Computer Emergency Response Team) has published guidance on Cybersecurity mitigation measures against critical threats

    Cybersecurity & Infrastructure Security Agency (CISA) has published Shields Up -guidance for organisations  

    Traficom National Cyber Security Centre’s  guidanceon protecting user accounts through multi step authentication (in Finnish)  

    Collaboration and services to promote cyber security

    Cyber risks link events affecting information systems and the physical world to new types of threats to the activities of citizens, businesses and society.

    As a pioneer in cyber security in Finland, we already set up our internal CERT team in 2004, which has expanded to Cyber Security & Service Operations Center. In 2015, we launched the Elisa Cybersecurity Center for corporate customers, a service independent of operators and manufacturers.

    As a provider of critical national infrastructure, we plan our services and implement our system, also with regard to continuity and security considerations.

    We promote cooperation and continuous improvement both through internal cyber exercises and in partnership with our customers and authorities. Cooperation with our customers, communities, public authorities and other business and business organisations is important in terms of preparation and cyber security.

    We are all faced with everyday situations in which it is necessary to safeguard our own data and, for example, to ensure that family members operate safely online. We in Elisa are constantly working to ensure that the network we operate and the services we provide are safe to use. We also want to raise awareness of how you can improve your security and your security as a network and service user.

    We provide our customers with services to handle cyber risks and prepare for exceptional situations.

    Services for consumer customers

    Services for corporate customers

    Read more 

    Safe and easy to use services for everyone

    Safety, security, accessibility and ease of use of our inspirational services are the most important issues when developing the customer experience. 

    Our aim is to design services based on needs of our customers. The excellence in customer encounter is ensured by regularly inviting our customers to both meet our service designers and to test our current and coming digital services. To meet the needs of our multi-culture customers aim to develop our services in different languages and with easy language.

    Online services are increasingly used with mobile devices. To ensure the best user experience, all Elisa's services are designed first for small screens and after that to be responsive in larger once. 

    We develop our services to become even more accessible also e.g. through cooperation. We collect targeted feedback on continuous service development work, e.g. senior citizens and special groups such as the visually impaired.

    Data and Artificial Intelligence opportunities and challenges 

    Data is in the core of our business and one of the key enablers of our mission. In addition to automation, machine learning and artificial intelligence offer tremendous opportunities for developing operating models, smart data, data usage, and services and service experiences.

    We are also developing solutions utilising AI for our customers through our digital management applications, the Elisa IoT platform, the Elisa IndustrIQ platform and machine-to-machine interfaces. 

    In order to learn, we are continuously implementing pilot projects where we study, for instance, opportunities to improve the user experience for our customers with AI-based applications and services. 

    We have identified the inherent challenges of AI and introduced Elisa’s Ethical Principles for Data and Artificial Intelligence, which are uused in both responsible and smart data usage and in the development of AI applications as well as in trainings.  

    Functioning society and safe services

    Our task and important role in Finnish and Estonian society is to ensure comprehensive and reliable mobile and data communication connections and secure functioning society. We comply with the universal service obligation defined in legislation both in Finland and Estonia.

    Utilisation of digital services requires a reliable and ever faster nationwide network. We measure the coverage and availability of our network with a population coverage indicator. In addition to that we track to an independent study ‘coverage of the operators’ networks in Finland conducted by ECE Ltd.

    Our investments in information networks in Finland and in Estonia enable operational reliability and speed improvements of digital services.

    Construction of mast, base and broadcasting stations require municipal permits and good cooperation with municipal and private condominiums and landowners. We utilise joint sites with other industry operators for our base stations. More than half of our base stations are situated in joint sites.

    Continuous scanning and analysing of our information networks enable our proactive approach in management of disturbances. Over 97% incidents are prevented with automation.

    Description of systems to provide unimpeded service during service interruptions

    Elisa’s network is designed to be resilient and our operations is based on ITIL model (The incident management process). In operations our focus is in automation and proactive service monitoring. Elisa’s network design principles are based on optimal redundancy. This covers both the use of alternative physical locations, routes and redundant equipment. Also the utility services are redundant by using e.g. generators and accumulators. In Finland authorities set requirements for redundancy and in addition to those requirements our design principles also require the utilization of redundancy to avoid Major or Business Critical incidents (TRAFICOM/54045/ 

    Elisa’s network and services are built by using equipment only from selected vendors and all new systems and software are tested before deployment. The purpose of testing is to verify the compliance to both existing network infrastructure and the functionality of tested entity. 

    Elisa’s operations is both proactive and automated. The aim is to handle all incidents before those affect to customers services. If the incident can’t be avoided the time to recover is typically short because of automated recovery actions. 

    To understand customer experience Elisa has a Cyber Security and Service Management Center (cSOC) which is monitoring service availability and customer experience 24/7. Based on situational awareness the cSOC is responsible for both internal and external incident communication and also acts as a centralized management function for repair of major and business critical incidents and escalation cases. 

    Every incident in Elisa’s network is managed by trouble ticketing system. Incident specific trouble tickets are populated with relevant data such as incident time, the nature on the incident, mitigative actions and actual repair. This data is used for improving the process and other quality affecting aspects by analysis, classification and machine learning algorithms. 

    In Elisa we have a defined process for learning from successes and mistakes. Every incident meeting pre-defined criteria is walked trough and findings are formulated as improvement tasks to relevant stakeholders. Executing the tasks is managed by Problem Management function.

    The use of mobile network is safe

    We ensure the security and quality of our network and the mobile technology we use by operating our network ourselves, using automation solutions that we have developed. We also work closely with experts and operators in the field. We are an expert member on the Electromagnetic Fields (EMF) advisory board.

    In Finland, the safety of the mobile phone networks is monitored by the Radiation and Nuclear Safety Authority (STUK), whose decisions and regulations are based on scientific research findings. In Estonia the authority is The Environmental Board of the Environmental Ministry. Elisa operates in the construction of base stations in accordance with the authority regulations and complies with laws and official regulations in all its operations. 

    Elisa complies with all regulations from the Finnish Radiation and Nuclear Safety Authority (STUK) and other authorities. All our new access points undergo a safety assessment to ensure that they are placed in a way that is safe for people and the environment.

    Decisions made by the Finnish and Estonian authorities on the use of technology are based on the results of international academic research.

    There are several finalised and ongoing international academic studies about safety of the radiofrequency radiation generated from base stations and mobile phones. Based on study results independent expert panels have concluded that at present there is no evidence that exposure1) below current maximum values would cause verified harmful health effects. The authority's decisions are based on scientific research results, according to which base stations do not exceed the limit values for electromagnetic radiation. We carry out a safety assessment for new base stations.

    5G is not essentially different technology compared to other mobile technologies. 5G construction follows the regulations of the Finnish Radiation and Nuclear Safety Authority (STUK). We carry out a safety assessment for new base stations.

    Reliable information about the subject is available, for example, at the following addresses:

    1) The SAR (Specific Absorption Rate), a measure of the absorption rate of a radio frequency emission device, is used to measure the effect of a radio wave on the tissues of the head or body. Its unit is W/kg. The maximum SAR value for mobile phones of 2W/kg has been established by Decree 294/2002 of the Ministry of Social Affairs and Health. The limit value is well below the exposure level that has been found to have an adverse effect. Mobile phones have been tested at STUK since 2003 and other terminals have been tested since 2013. The SAR values of the measured phones and terminals have varied between 0.2 and 1.4W/kg. The SAR value of any equipment tested at STUK has not exceeded the limit value. For exposure of mobile phones to the head, the tests shall be performed according to the requirements of the international standard IEC62209-1