Mandatum takes information security and cyber-security seriously, and appropriate measures are taken in an effort to ensure the security of the services offered to customers and the data that is processed. We place the utmost importance on having sufficient levels of information security and cyber-security that are proportionate to the nature of our business and the information we process, and on ensuring that they correspond to the level generally expected by the financial sector’s various stakeholders. In our company, information security and cyber-security are seen as an integral part of developing high-quality services, the digitalisation of services and a positive customer experience.
We focus on testing and assessing security using both our own resources and external specialists. While Mandatum does not have an official bug bounty program, we do accept reports of information security incidents or vulnerabilities. In order to process the reports appropriately and to get back to the person who reported the incident, we ask that the following information be included in the report:
We aim to be in touch with the reporting person as soon as possible. We also stress that unauthorised or illegal means must not be targeted at our services (Criminal Code 19.12.1889/39, Chapter 38, Data and communications offences). Illegal means include, e.g. actions that compromise our customers’ data or which disrupt the availability of our services. Any possible cases of misconduct are always looked into, and a police report is filed if necessary.