FinnGen Sandbox is now a certified secure operating environment
Information security certification is required of all operating environments that are used to analyse data sets for the purposes specified in the Act on the Secondary Use of Health and Social Data that are subject to a data permit. The requirements are based on a regulation of the Health and Social Data Permit Authority (Findata).
An authorized information security auditor company inspected the operating environment and issued a certificate of conformity with the requirements. The FinnGen Sandbox audit took place between August 2021 and April 2022. Several updates were implemented during the audit and no major nonconformities were left outstanding at the end of the audit. The certificate was granted on 20th April 2022 and is valid for five years.
Overall, the development of secure analysis environment has been a very important project for the FinnGen study. Several million euros have been invested, and it has taken many years to build the environment and complete the certification process.
The National Supervisory Authority for Welfare and Health (Valvira) keeps a public database of regulatorily compliant secure operating environments registered by service providers. By now, a total of eight audited secondary-use environments are registered. FinnGen Sandbox was the fourth to be approved and there are no pending nonconformities that should be fixed.