Confidential Customer Relationships and Secure Products

Confidential Customer Relationships and Secure Products

Focus Area #2

Confidentiality and ensuring information security are an integral aspect of Bittium’s sustainability. Bittium helps its customers prevent threats related to information and national security. The company is known for its information security expertise and secure products for the defense and security industry. Information security is also part of ensuring confidentiality across the company’s field of operations. For example, in product development service projects carried out for customers, information security is a key consideration right from the start of the design stage. In addition, Bittium’s health technology products help its customers in the health care sector by providing them with remote measurement solutions in response to the constantly increasing cost pressures and efficiency requirements in the health care sector.

In Bittium’s operations, confidentiality is an element of customer relationships, products, services, and working methods. Trust and information security are key dimensions of Bittium’s ability to produce reliable and secure communications and connectivity solutions as well as mobile information security solutions and provide health technology products and solutions for the company’s customers.

The changed global situation and the resulting changes in the operating environment have been taken into account, and operations have been adapted and developed according to the current conditions. Changes in the threat environment and operating environment are monitored and taken into account in activities, methods and measures related to Bittium’s information security and overall security. 

It is crucial to take information security into consideration across the full life cycle of products and services. Bittium’s Code of Conduct is also an integral element of the company’s secure and responsible way of working with customers and other stakeholders.

Bittium responds to the constantly growing and changing information security requirements by training employees and by participating in Finnish, European, and international information security development projects.

Information Security Management

Information security and safety are integral aspects of Bittium’s day-to-day operations. The company’s operations are managed in accordance with an information security management system.  Information security objectives, responsibilities, and the allocation of resources to activities are specified in the system.

The management system includes information security-related policies, guidelines and templates pursuant to the standards and requirements (ISO 27001, Katakri and FSC) as well as the requirements set by the customers and law. They cover the information security of all of the company’s functions and areas of operation.

Bittium has various technical solutions, methods and operating practices in place with regard to information security. The company’s employees have also been trained to bear responsibility for information security and report any information security incidents or threats they observe. The employees receive regular training on operating practices that ensure information security.

Product and life cycle risks are systematically assessed as part of the product development process. With respect to products, Bittium takes into account the safety and information security of materials and components as well as compliance with product liability regulations in the company’s target markets.

Objectives and Sustainable Development 2023

In terms of customer relationships, the key points related to the sustainability theme Confidential customer relationships and secure products concern cooperation, customer understanding and project management, and product and service quality. Customer and project satisfaction is measured through annual surveys, with separate objectives set for each area.

As regards information security threats, the principle of continuous development is applied to products and operations, but the more detailed objectives are the following four points:

  1. Compliance of information security certificates and the development of operational security
  2. Developing situational awareness regarding security and the capacity to recognize deviations and incidents
  3. Developing business continuity management.
  4. Improving the information security of own products and development of new technology.

Information security is a competitive factor for Bittium. In this area, Bittium aims to strengthen the company’s role in the recognition of information security threats and in the utilization of information together with stakeholders, and the company also aims to participate in the information security development projects and key forums at the EU level and otherwise.

Bittium is also involved in the Finnish Information Security Cluster (FISC), which promotes the utilization of cybersecurity expertise in Finnish society, and the FISC-owned Cyberlab Oy. The members of FISC consist of nationally significant organizations that provide information security and cybersecurity products and services. Bittium has participated in the management of FISC since 2023.

Customer and Project Satisfaction

Bittium measures both customer and project satisfaction on an annual basis using the Net Promoter Score (NPS) as the indicator. During the year under review, the NPS target for both customer and project satisfaction was 50. The target was achieved in both surveys. The customer satisfaction survey NPS improved and came to 52. The project satisfaction survey NPS was 50, representing a slight decrease from the previous year.

For customer satisfaction, the assessed areas are the smoothness of cooperation, Bittium’s ability to understand the customer and general satisfaction with the product quality, whereas for project satisfaction, the key areas are the success of project management, the functioning of technical solutions, quality and the outcome of the project. Both surveys provide information on product and service quality, the measuring criteria of which is the number of severe defects in each business area. No severe quality defects were observed in 2023.

In the customer satisfaction survey, Bittium also collects feedback on the company’s values, one of which is trust. In the survey, trust was given a score of 4.4 on a scale of 1–5.

Information Security Threats

Bittium’s information security management system is based on the international ISO 27001 standard. Several audits were also conducted by customers in 2023, and Bittium’s audit results were excellent. In a time of changes in the operating environment, our customers have worked with us to verify the sustainability of our operating practices.

The information security environment is constantly changing and developing. During the year under review, Bittium developed its information security observation methods, systems, and operating practices partly as planned and partly in accordance with the changed threat and information security landscape. We also commission third-party assessments and studies relating to methods and systems.

Bittium has not been targeted by cyber attacks that would have affected the organization’s functions. Other information security incidents have been minor by nature and they have had no significant effects on Bittium’s operations.

In relation to information security, online training has been organized for employees on topics such as recognizing phishing attempts.

We aim to continuously enhance information security awareness by making guidelines and policies clearer, increasing communication and providing regular training to our personnel. Information security training is provided both at a general level and on a job-specific basis.

Information Security as a Competitive Factor

Bittium aims to strengthen its role in the recognition of information security threats and in the utilization of information together with the stakeholders, and the company also aims to participate in the information security development projects and key forums of the EU and other parties. Each year, Bittium participates in many important Finnish, European and international research and development projects.

In spring 2023, Bittium received significant funding from Business Finland, which was used to launch the Seamless and Secure Connectivity project. In the future, seamless and secure connectivity will require interoperability between various networks in the field of public, private, and related applications. The number of different terminal devices in the network, such as sensors, mobile devices and IoT devices, is growing very quickly, and the importance of their end-to-end information security is growing substantially. Seamlessness is enabled, for example, by utilizing alternative connectivity technologies and mobility solutions at the same time, so that the secure connection remains uninterrupted during the entire communication. At the same time, the development of medical remote diagnostics, from devices to services, promotes cost-efficiency in the health care industry, faster diagnosis of people’s health or related problems, and significantly improves the eco-efficiency of the environment as it becomes more common. More information on the project is available on the company’s website.

In 2023, Bittium again participated in Locked Shields, the world’s largest live-fire cyber defense exercise, hosted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). The exercise had over 3,000 participants from 38 countries. The exercise involves protecting real computer systems from real-time attacks, and simulating tactical and strategic decision-making in critical situations. Locked Shields is a Red Team vs Blue Team training exercise in which the Blue Teams are composed of NATO CCDCOE member states and partner nations. In addition to defending systems, teams must report incidents, execute strategic decisions, and solve forensic, legal, and media challenges. The plan for the training exercise was created by 400 organizers who created over 5,500 virtual systems for the purpose.

The 5G Compad (EDF, European Defence Fund) project that began in 2022 continued in 2023. The aim of the project is to enable secure tactical communication solutions in the integration of defense infrastructure and 5G networks.

Product Information Management

Most of Bittium’s product information has been migrated to the company’s new product information management system, but this work will still continue in 2024. Product information management supports the reporting of compliance with existing standards and preparations for future regulations, such as the digital product passport, which will increase the transparency of product information and promote the circular economy.

Systems and Standards

Customers increasingly expect Bittium’s products and working methods to be standardized and certified. Standardization also makes it easier to promote global exports.

Bittium had six certified systems in use at the end of 2023. All in all, more than 400 different standards are observed in Bittium’s operations, approximately 120 of them on a daily basis. All of Bittium’s certified management systems are audited by an external party on an annual basis.

Bittium has certified quality management systems for medical devices, such as a quality management system for medical devices that satisfies the requirements of the Medical Devices Regulation (MDR) (EU) 2017/745 and is certified in accordance with the Medical Device Single Audit Program (MDSAP) and the ISO 13485 standard. In late 2022, Bittium obtained MDR-compliant certification for the Bittium Respiro home sleep apnea test device and the Bittium Respiro Analyst software used to analyze the results. Bittium progressed according to plan in MDR approval processes in 2023. The products are tested, verified and approved as part of the R&D process by both internal and external auditors. For example, in Europe, the products are required to carry the CE label and the related Declaration of Conformity (DoC).

The company’s product development projects are also audited in accordance with the PSSL (Product Safety, Security and Liability) audit procedures as part of Bittium’s End Product Process (EPP) requirements. Employees receive PSSL product liability training.

 

Relevant Sustainable Development Goals by the UN

 

Bittium’s medical technology products, which improve modern healthcare and provide safety, efficiency, and cost savings, support sustainable development goal no. 3 (good health and well-being).