Skip to main content
Home/ Sustainability/ Responsible business/ Information security

Information security

Part of responsible business is to have the capability of protecting the company from information security-related issues. Nokian Tyres' Information Security Policy describes our process for protecting the confidentiality, integrity and availability of information assets in order to manage and reduce information risks. Continuous development work is guided by our information security development program.

employees having a meeting

Information Security Policy

At Nokian Tyres, information security is a key part of ensuring trust, operational continuity, and regulatory compliance. Our Information Security Policy outlines the principles and responsibilities that guide how we protect the confidentiality, integrity, and availability of our data and systems. This policy will at all times be based on the applicable information security laws and regulations. 

The Information Security Policy is supported by a detailed set of information security principles and guidelines. These principles and guidelines provide a framework against which information security controls are implemented, monitored and reported. 

The Information Security Policy and derived principles are based on our information security strategy. The information security strategy has linkage to the business environment, current status and capabilities and the direction of the company i.e. the approved strategy of Nokian Tyres and risk levels within each business process. It also provides the direction and objectives for effective information security management and goals through which the information security strategy is implemented.

The policy applies to all Nokian Tyres operations, subsidiaries, employees, contractors, and partners handling company information. It covers both documented and undocumented data across physical and digital formats.

The Information Security Policy is approved by the Board of Directors. It is subject to review on an annual basis and updated when necessary.

Developing information security

An effective Information Security Development Program is essential for safeguarding an organization's information assets. By implementing a structured approach to security management, Nokian Tyres can mitigate risks, ensure compliance, and maintain the trust of stakeholders.

Nokian Tyres Information Security Development Program is designed to protect information assets by establishing a comprehensive framework of policies, procedures, and controls. This program ensures the confidentiality, integrity, and availability of data, aligning with organizational objectives and regulatory requirements. 

Our Information Security Development Program is led by Head of Nokian Tyres Information Security and steered by Nokian Tyres Management. The status of Information Security is annually reported to Board of Directors' Audit Committee.

The key elements of our Information Security Development Program include the following:

Governance and Management
  • Establishes a framework to ensure that security activities align with business objectives and comply with laws and regulations
  • Develops and enforces policies that govern the use, protection, and management of information assets
  • Defines roles and responsibilities for managing information security
  • Ensures monitoring and effectiveness of information security measures
Risk Management
  • Identifies and evaluates risks to information and systems, determining their potential impact and likelihood
  • Implements controls to reduce risks to acceptable levels, including technical, administrative, and physical safeguards 
Development and Operations
  • Incorporates security measures throughout the system development and its operational phase
Training and Awareness
  • Provides ongoing education to employees about security policies, procedures, and best practices
  • Conducts campaigns to raise awareness about security threats and the importance of protecting information assets
Incident Response
  • Develops and tests incident response plans to ensure effective and rapid handling of security incidents
  • Implements procedures for detecting, protecting, responding and recovering from security incidents
  • Incident escalation process for employees
Continuous Improvement
  • Regularly reviews and updates the security program to address emerging threats and vulnerabilities
  • Uses key performance indicators (KPIs) to measure the effectiveness of security controls

Explore more

Data privacy of our customers and consumers