Abbreviation: CSFP Project
Implementation period: 1 September 2015–30 November 2016
Funding programme: Regional development funding, Central Finland Development Fund
Implementing party: JAMK University of Applied Sciences Ltd, Institute of Information Technology
Partners: Finnish Communications Regulatory Authority, Confederation of Finnish Industries, 3SDL, TeliaSonera Finland PLC


Project goals

Studies show that Finnish information networks are some of the cleanest in the world; however, we cannot allow ourselves to be lulled into a false sense of “security”. There is very limited awareness of cyber threats and their impact on business and its continuity, especially among SMEs. At the same time, it is increasingly important for SMEs to achieve and maintain a sufficient level of data security and be able to demonstrate it to customers. Companies must have a capability that befits their operations to demonstrate their security competence to current and potential customers and business partners. An approved cybersecurity framework and operating model is needed for SMEs in particular for assessing the level of cybersecurity and for developing it further in a comprehensive and reliable way. There are no such assessment models available in Finland, but some have been developed elsewhere in Europe for similar purposes. In this development work, it is sensible to utilise experiences from abroad as well as the expertise of the national and international co-operation network instead of trying to reinvent the wheel from the beginning.

The Cyber Scheme Pilot in Finland project is aimed at building and piloting a national operating model/concept especially for the cybersecurity assessment and accreditation of SMEs and development work based thereon.

The project will achieve the following result targets:

  1. The structure and contents of the assessment will be specified.
  2. The assessment and accreditation processes will be described.
  3. Pilots will be implemented in SMEs in the region.
  4. The tools and other infrastructure will be built.

Project actions

The project will develop an assessment model and tools for assessing the key cybersecurity functions for SMEs. The assessment model and tools will be piloted with SMEs, and the feedback received will be used to further develop the model and tools to enable the nationwide deployment of the model in the future.

Impact of the project

The implementation of the concept will help promote the trading opportunities of companies in Finland and abroad, and it may open brand new markets for Finnish companies in Great Britain and other countries of the Commonwealth in particular.

The project will serve as an example and increase the co-operation between research, business and authorities.

The implementation of the concept will have positive employment effects in the companies conducting the assessment/accreditations as well as the companies focused on data security.

The concept can be used for increasing the awareness of cybersecurity issues in SMEs and to encourage them to continuously improve data security in order to thereby see security as a competitive advantage.

Certification will increase the Finnish data security service business: the companies seeking certification can use the services of data security professionals in the process.

The implementation of the concept will enable the creation of new jobs for audit work.

The implementation will enhance the reputation of Finland as a model country for cybersecurity and support the implementation of EU data security regulations on both the national and company level.






JYVSECTEC is an independent cyber security research, training and development center.