Information security
Part of responsible business is to have the capability of protecting the company from information security-related issues. Nokian Tyres has a formally approved, company‑wide Information Security Policy. Nokian Tyres' Information Security Policy describes our process for protecting the confidentiality, integrity and availability of information assets in order to manage and reduce information risks. Information security at Nokian Tyres is managed using a risk‑based approach aligned with enterprise risk management, business objectives, and applicable laws and regulations. Continuous development work is guided by our information security development program and complemented by the Guidelines for Secure and Acceptable Use of AI.

Information Security Policy and AI guidelines
At Nokian Tyres, information security is a key part of ensuring trust, operational continuity, and regulatory compliance. Our Information Security Policy outlines the principles and responsibilities that guide how we protect the confidentiality, integrity, and availability of our data and systems. The Information Security Policy is approved by the Board of Directors, and the Chief Information Officer (CIO) is accountable for information security governance, ownership, and implementation under executive management oversight. It is subject to review on an annual basis and continuously improved based on risk assessments, incident learnings, and regulatory requirements. The policy is aligned with recognized industry standards and applicable regulations.
The Information Security Policy and derived principles are based on our information security strategy. The information security strategy is linked to the business environment, the current status and capabilities, and the direction of the company, i.e. the approved strategy of Nokian Tyres and risk levels within each business process. It also provides the direction and objectives for effective information security management using a risk‑based approach and addressing both traditional and emerging risks.
The policy applies company‑wide and establishes information security requirements for all Nokian Tyres operations, subsidiaries, employees, contractors, and partners handling company information. It covers both documented and undocumented data across physical and digital formats. The Information Security Policy covers key control areas, including risk management, information security incident handling, business continuity, data protection, and supplier and third‑party security.
The Information Security Policy is supported by a detailed set of information security principles and guidelines. These principles and guidelines provide a framework against which information security controls are implemented, monitored and reported, including controls related to AI‑enabled solutions. Nokian Tyres continuously monitors information security threats and responds without delay.
Nokian Tyres complies with the EU AI Act. The use of artificial intelligence is governed by internal AI guidelines, which define acceptable and prohibited use, data protection and privacy requirements, and information- and cybersecurity principles related to AI. The guidelines have been approved by the Management Team.
The AI guidelines cover several aspects, including human oversight and clear accountability, transparency and explainability, and a requirement that AI tools must avoid bias and discrimination. It must also be disclosed whenever certain content or functionality is directly AI-based. At work, employees are only allowed to use the AI tools provided by the company, and new tools are deployed only after a thorough risk assessment.
Developing information security
An effective Information Security Development Program is essential for safeguarding an organization's information assets. The program supports the implementation, enforcement, and continuous improvement of the Information Security Policy. By implementing a structured approach to security management, Nokian Tyres can mitigate risks, ensure compliance, and maintain the trust of stakeholders while enabling the secure use of new technologies, including artificial intelligence.
Nokian Tyres' Information Security Development Program is designed to protect information assets by establishing a comprehensive framework of policies, procedures, and controls. This program ensures the confidentiality, integrity, and availability of data, aligning with organizational objectives, regulatory requirements, and internal policies, including AI guidelines.
Our Information Security Development Program is led by the Head of Nokian Tyres Information Security and steered by Nokian Tyres Management. The status of information security, including AI‑related risks and controls, is reported annually to the Board of Directors' Audit Committee.
The key elements of our Information Security Development Program include the following:
Governance and Management
- Establishes a framework to ensure that security activities align with business objectives and comply with laws and regulations
- Develops and enforces policies that govern the use, protection, and management of information assets, including AI tools
- Defines roles and responsibilities for managing information security
- Ensures monitoring and regular internal audits of the IT infrastructure and information security management systems to guarantee effectiveness of measures
Risk Management
- Identifies and evaluates risks to information and systems, determining their potential impact and likelihood, including AI‑related risks
- Implements controls to reduce risks to acceptable levels, including technical, administrative, and physical safeguards
Development and Operations
- Incorporates security measures throughout the system development and its operational phase, including AI lifecycle management
Training and Awareness
- Provides ongoing education to employees about security policies, procedures, and best practices
- Conducts campaigns to raise awareness about security threats, including ethical and security risks associated with AI use
Incident Response
- Develops and tests incident response plans to ensure effective and rapid handling of security incidents
- Implements procedures for detecting, protecting against, responding to and recovering from security incidents
- Provides an escalation process for employees to report incidents, vulnerabilities or suspicious activities
- Information security incidents are reported, investigated and managed according to defined procedures
Continuous Improvement
- Regularly reviews and updates the security program to address emerging threats and vulnerabilities
- Uses key performance indicators (KPIs) to measure the effectiveness of security controls
- Drives improvement based on risk assessments, incidents, regulatory developments, and oversight reporting