City’s digital security

The main focus of the assessment was on examining whether the city has prepared for digital security risks in an adequate and appropriate manner. The 2017–2021 City Strategy had the goal of Helsinki being the most digitalised city in the world. Digitalisation increases the dependency on well-functioning data systems considerably, which exposes the overall system to digital security risks.

The city has only partially prepared for digital security risks in an adequate and appropriate manner. For instance, the organisation of digital security still needs improvement. In the future, the organisation of digital security and communications will be supported by the new risk management software and the digital security group which is the object of the reform. The fact that the DigiABC training sessions for the entire personnel take a lot of time, due to the large size of the organisation, creates challenges for training the personnel.

The city’s risk management follows its own instructions which mainly utilise the instructions drafted by the VAHTI group for public administration. Risks are assessed a couple of times a year during the economic planning process. No precise schedule has been set for the implementation of the risk management methods, even though the city’s own instructions require setting a schedule and measuring the effectiveness of the administration methods. In any incident related to digital security, the continuity of the city’s service operations will largely be protected. The plans have been tested in some of the most central systems, but there is no compiled data available. Individual tests have provided information on how to act during an incident. However, no large-scale exercise has been organised because the resources necessary for the participation have not been available.