
Information Security Policy

This Information Security Policy outlines the principles, objectives and implementation of the information security of Oy Matkahuolto Ab (hereinafter referred to as "Matkahuolto"). The Information Security Policy defines the information security requirements that support Matkahuolto's business operations and creates a basis for the planning, development and implementation of operations in accordance with the policy. In addition, guidelines have been drawn up to support the implementation of the requirements and objectives of information security in various areas of information security.

At Matkahuolto, information security means the protection of all data processed by Matkahuolto to the extent necessary to ensure confidentiality, integrity and usability. It also includes the information security requirements required for the implementation of data protection.

The Information Security Policy obliges all Matkahuolto employees, partners and service providers that process Matkahuolto's data or systems.

Information security objectives

The primary objective of information security is to ensure the continuity of Matkahuolto's operations in all circumstances. Information security protects the confidentiality, integrity and availability of information. In addition to the operating environment and stakeholder expectations, Matkahuolto's information security goals are based on statutory obligations and business continuity requirements.

Matkahuolto's information security goals are:

  • Ensure business continuity.

  • Protect the personal data processed during operations.

  • Protect the data processed in the operation in accordance with the classification requirements.

  • Ensure compliance with legal obligations.

  • Ensure that customer expectations and requirements are met in terms of data security.

  • Integrate information security as part of the operating culture.

Implementing information security

Processing of personal data

The processing of personal data is defined in Matkahuolto's data protection policy. Data protection is ensured in all forms of data throughout its life cycle. Personal data is processed in accordance with data protection requirements and is protected from unauthorised processing.

Information security requirements

The required level of information security is determined based on a risk assessment. The requirements apply to both Matkahuolto's own operations and partners processing Matkahuolto's data. If necessary, the compliant level of information security can be verified through assessments and audits.

Risk assessment

Information security risk assessments serve as a basis for determining the required level of information security. Risks are assessed when designing new services or systems and in connection with significant changes. Regarding information security-critical systems, risk assessments are carried out regularly.

Classification and processing of information

Matkahuolto classifies information according to its confidentiality. The classification of information guides the risk assessment and the required information security measures.

Training

Matkahuolto uses various operating models to improve the information security awareness of its personnel: training, communications, intranet news and simulated exercises. In addition, tailored information security training can be organised for different employee groups.

Monitoring

The implementation of information security is regularly monitored and supervised by technical and organisational means. Observations, deviations and development needs are processed in a defined manner, and the state of information security is reported to the management as part of continuous improvement.

Handling information security incidents

Matkahuolto has operating models and services in place for identifying information security incidents, as well as operating models for processing and reporting potential data breaches.

Information security breaches

Non-compliance with the Information Security Policy and related guidelines is regarded as an information security breach. Matkahuolto has determined procedures for situations involving breaches.

Responsibilities and organisation

The Information Security Policy is approved by Matkahuolto's Management Team.

The information security steering model is part of Matkahuolto's management system. Information security is being developed to correspond to the target state of Matkahuolto's business, which is defined by the top management. The development goals, areas and tasks of information security are described in the information security strategy. The different areas of information security are outlined in more detail with operating principles and guidelines. They are processed and approved by the Information Security Steering Group.

Validity

Matkahuolto's Management Team approved the Information Security Policy on 30.03.2026.
