Demonstrating conformity with the requirements is the service provider’s responsibility. In practice, this means being able to produce a valid certificate from an information security inspection body, up-to-date documentation and, if necessary, technical specifications.
Valvira supervises operating environments by means of, for example, assessment and guidance visits, investigations and inspections. Valvira also has the right to use external experts to evaluate the regulatory compliance of secure operating environments. External experts can be used both to assist in inspections and to study and test service providers’ operating environments. Valvira’s supervision mostly focuses on service providers and organisations that rely on secondary-use environments but can also be extended to other organisations if necessary. Both plan-based and reactive supervision approaches are used.
Registration requests can be submitted and changes to entries in the database reported via the secure form submission portal or by emailing a PDF form to
Enquiries related to supervision can be sent by email to
Enquiries related to advice and guidance can be sent by email to
Elina Niemelä Senior Officer Tel. +358 295 209 255