Wapice Updates to ISO 27001:2022 Information Security Management System
Wapice’s long-term and strategic work in information security has once again received recognition, as our information security management system has been updated to the latest ISO/IEC 27001:2022 standard. The certificate was granted by DNV, following an audit carried out in May 2025.
Wapice has used the ISO 27001 standard as the foundation of its information security management since 2007, with the system first being certified in 2019. This new update to the 2022 version underlines our continued commitment to industry best practices and our readiness to meet increasingly stringent requirements, such as those introduced by the EU’s new NIS2 directive.
Recently, we have invested strongly in cyber recovery, business continuity management (BCM), and our security operations centre (SOC) services.
Our Chief Information Security Officer, Teemu Niemi, commented on the achievement:
“I am delighted to reach this milestone. Although our overall efforts in information security at Wapice have always been strategic and long-term, it is valuable to pause and reflect – and perhaps celebrate – each achievement. Recently, we have invested strongly in cyber recovery, business continuity management (BCM), and our security operations centre (SOC) services.”
Wapice’s information security development has strong roots and a long continuity. This sustained effort forms the foundation for today’s achievements as well.
“I was personally involved in establishing Wapice’s information security management system back in 2007, which we later certified in 2019, so in that sense this update is not entirely new. What is gratifying, however, is to see legislation (such as NIS2) now acknowledging these areas. When we adopted ISO 27001 in 2007, it was already clear that these principles would eventually become part of regulation. I have been waiting for this for 18 years. Yet I do not feel we were too far ahead – rather, I see us as pioneers in information security, enabling us to better protect our customers’ data and to help them strengthen their security at both governance and technical levels,” Niemi adds.
The importance and strategic role of information security is also evident at the highest level of management. Wapice’s CEO, Pasi Tuominen, adds:
“At Wapice, deterministic, goal-oriented, and reliable execution has been one of our guiding principles from the very beginning. We do not strive for over-engineering, but everything must be done properly and sustainably. Whenever we identify a practice that genuinely increases both security and productivity in a cost-effective way, we aim to embed it in our culture. The adoption of the ISO 27001 standard and the certification six years ago are excellent examples of this principle. For us, information security is not a superficial label – it is a fundamental part of our operations, built into the entire chain through a mindset of continuous improvement.”
This update further strengthens our mission to deliver the highest quality and security across all our services.
Additional information
