Information security and cyber-security

As a reliable financial sector company, we aim to ensure that the services we offer our customers are secure. Mandatum places the utmost importance on having sufficient levels of information security and cyber-security that are proportionate to the nature of our business and the information we process, and on ensuring that they correspond to the level generally expected by the financial sector’s various stakeholders. In Mandatum, information security is seen as an integral part of developing high-quality services, the digitalisation of services and a positive customer experience.

Mandatum’s information security and cyber-security are systematically developed in accordance with the information security strategy approved by the organisation’s management, taking into account the ever-changing threat landscape. Mandatum’s information security and cyber-security management is based on the information security policy approved by the company’s Board of Directors. The policy outlines the roles, responsibilities, goals and more detailed guidelines for implementing information security and cyber-security.

Website security

How can I be sure that the website I am on is really Mandatum’s?

When using Mandatum’s website, you can easily verify whether it really is Mandatum’s. You can see right away if the connection is encrypted, who administers the website and who has verified the website. This can help you avoid harmful websites that may have been published in Mandatum’s name without authorisation.

You can verify the website’s authenticity through the information in the website’s browser bar. A padlock symbol indicates that the website has been verified and that the connection is encrypted. You can also click on the text/company’s name next to the padlock and verify that the website is administered by the company in question and that the website’s administration has been verified by a third party. Mandatum’s website is administered by Mandatum Life Insurance Company Limited and the verifier is Google Trust Services.

Reporting an information security incident

We focus on testing and assessing security using both our own resources and external specialists. While Mandatum does not have an official bug bounty program, we do accept reports of information security incidents or vulnerabilities. In order to process the reports appropriately and to get back to the person who reported the incident, we ask that the following information be included in the report:

  • The incident that has been observed
  • If possible, the website on which the incident has been observed
  • How the incident can be verified
  • The contact details of the person reporting the incident, so that we can contact them if necessary

We aim to be in touch with the reporting person as soon as possible. We also stress that unauthorised or illegal means must not be used against our services (Criminal Code 19.12.1889/39, Chapter 38, Data and communications offences). Illegal means include, for example, actions that compromise our customers’ data or disrupt the availability of our services. Any possible cases of misconduct are always looked into, and a police report is filed if necessary.

More information

You can report security incidents and obtain further information about Mandatum’s information security via email: security@mandatum.fi