Liana has been granted the ISO/IEC 27001 certification

Information security has become a central part of everyday life for organizations. Phishing emails, increasing denial-of-service attacks, AI-enabled automated intrusion attempts, and tightening legislation all serve as reminders that the digital environment requires continuous care and foresight. The EU’s NIS2 directive also introduces stricter requirements for many of our customers.

Liana is committed to maintaining a high standard in its operations. A year ago, we decided to take this work to the next level and began pursuing the ISO/IEC 27001 certification. We are now pleased to share that the certification has been granted to us.

What does ISO/IEC 27001 mean for Liana and our customers?

ISO/IEC 27001 is an international standard that defines the requirements for managing information security. It is a management model that covers the entire organization and ensures information security across technical environments, processes, and everyday employee activities. Obtaining the certification demonstrates that we identify information security risks, manage them systematically, and continuously improve our operations.

Achieving the certification required multi-layered and long-term development work. As part of this effort, we ensured that:

• Our management is committed to the continuous development of information security
• Liana has a clearly documented, managed, and implemented information security policy
• The information security management system defines the role and responsibility of every employee
• Information security work has sufficient resources, expertise, and processes
• We have set metrics to monitor the effectiveness of information security
• Liana’s information security risks have been mapped, identified, and are systematically managed
• All key operating procedures, training, and technical solutions have been documented and audited

The ISO-compliant management system is visible in Liana’s everyday operations. It is part of product development, customer work, HR processes, and partnerships. The certification demonstrates that our operations are transparent, proactive, and verified by an external auditor.

Independent auditing confirmed the maturity of our processes

The certification was preceded by an extensive audit, during which we reviewed documentation, processes, log data, plans, and practices together with an external auditor. Interviews across the organization ensured that information security expertise does not rely solely on individual people but is a shared strength throughout the company.

During the audit, it became clear that Liana has been doing strong work in information security for a long time. At the same time, we identified areas for improvement, which we have already begun addressing. Continuous improvement is at the core of the ISO/IEC 27001 standard, and it is firmly embedded in how we work.

The journey continues: information security is part of Liana’s promise

The certification is not an endpoint. It is a confirmation that we are on the right path and that our operations meet internationally recognized requirements. We will continue developing our environment to make it even more secure and to support our customers in a landscape where requirements continue to grow, digitalization accelerates, and the importance of information security increases.

We strive to be a partner you can trust — both in terms of technological quality and information security. The ISO/IEC 27001 certification is an important part of that promise.

The audit was conducted by Into Certification.

Tuomas Lempiäinen
CTO
Liana