Certification and key requirements

The purpose of the certification process is to verify that the key requirements for functionality, interoperability and data security defined by THL are met for all information systems linking to the Kanta Services, the wellbeing application, Kanta intermediary services and other information systems that require certification.

The certification process for systems linking to the Kanta Services includes:

joint testing carried out with Kela’s Kanta Services
an information security assessment with an inspection body accredited by the Finnish Communications Regulatory Authority, Traficom.

Joint testing required for certification

Joint testing is required for information systems certified as class A2 or A3 and for wellbeing applications belonging to class A. The content and scope of joint testing can vary significantly from system to system. For this reason, Kela verifies on a system-specific basis which joint tests must be successfully carried out for each information system before proceeding to the data security assessment.

It is possible that an information system will not be subject to any joint testing requirements in connection with certification or changes if all mandatory joint testing has already been successfully completed. Previous joint testing may also need to be carried out again if the properties of the system change substantially or if earlier joint testing observations so require.

Learn more about the joint testing process and its phases

For more information:

Queries related to joint testing: yhteistestaus@kanta.fi
Queries related to certification: kanta@kanta.fi

Key requirements

At the time of submitting its registration notification to Valvira or when seeking certification, the supplier of a social welfare and health care information system or a wellbeing application must provide a description of its intended use and of its conformity to the key operational requirements applicable to the system. The registration notification is submitted using a system form which is based on harmonised classification. The minimum requirements of systems produced for different intended uses are specified through national profiles.

The definitions, profiles and forms for key requirements can be found in Finnish on THL’s Regulations and guidelines page (thl.fi). The regulation on key requirements includes key functions, data content and data security requirements for information systems intended for the processing of client and patient data or wellbeing data.

Supporting material

Training materials on the key requirements for and certification of social welfare and health care information systems and wellbeing applications are available on THL’s training materials page:

Educational materials / Information management in social welfare and healthcare, in Finnish (thl.fi)

Instructions for deploying the Kanta Services:

Deployment of the Kanta Services