Information security policy

Information security policy

RAOS Project Oy’s management recognizes information security as top priority with a special emphasis on nuclear safety to achieve the strategic goals set by RAOS Project Oy’s management.

RAOS Project Oy’s management is committed to promoting a culture of security by establishing and maintaining effective information security measures to protect information in the scope of the Information Security Management System (ISMS). The ISMS covers maintaining the integrity, non-repudiation, availability and confidentiality of the information stored, processed or transferred in different formats at the stages of design, management of equipment manufacturing and delivery, management of construction and erection works, adjustment and commissioning of the Hanhikivi-1 Nuclear Power Plant.

RAOS Project Oy’s management undertakes to conform to the information security management requirements set forth in ISO 27001, IAEA Guidelines and Standards, STUK’s YVL Guides, the Finnish and Russian legislation, and the EPC Contract for the Hanhikivi-1 Nuclear Power Plant Project.

RAOS Project Oy’s management demonstrates commitment to information security by creating the policy and associated requirements, assigning specific roles and responsibilities, and allocating appropriate resources in order to implement and continually improve the ISMS.

The key objectives of the ISMS include:

  • Ensuring compliance with applicable information security regulations and expectations of stakeholders;
  • Ensuring cyber resilience and process continuity in RAOS Project Oy;
  • Identifying information security risks and reducing them to an acceptable level.

The key principles of the ISMS are as follows:

  • Nuclear, radiation safety and information security are paramount and cannot be compromised;
  • Information security is an integral part of every procedure, process or activity in RAOS Project Oy;
  • All RAOS Project Oy employees treat information security as a vital part of their day-to-day work;
  • All subcontractors and third parties follow the same information security requirements as RAOS Project Oy;
  • RAOS Project Oy continually improves the suitability, adequacy and effectiveness of the ISMS.

The Information Security Policy is subject to periodic assessment, revision and updating every two years or, if necessary, at shorter time intervals to reflect changing conditions.