FOCUS AREA #2
Confidential Customer Relationships and Secure Products
Bittium helps its customers prevent threats related to information and national security and use technology to create added value in relation to existing products or the development of new products. Bittium also helps its customers in the healthcare sector by providing them with remote measurement solutions in response to the cost pressure and efficiency requirements that the healthcare sector is currently facing. It all starts with trust: trust in the safety and quality of our work and products and trust in our advanced technology and information security competence. These are the culmination of our competitiveness and our way of creating value in society.
Confidentiality and ensuring information security are part of Bittium´s sustainability. Trust is one of Bittium´s values and a necessary condition for the company´s business. It is an essential element of Bittium´s customer relationships, products, services, and working methods. Bittium´s working methods are characterized by a strong focus on information security and ensuring the confidentiality of the customers´ data. The products are designed to be secure, always taking the customers´ needs into account. Bittium´s Code of Conduct is also an integral element of the company´s secure and responsible way of working with customers and other stakeholders.
Trust and information security are key dimensions of Bittium´s ability to produce reliable and secure communications and connectivity solutions as well as mobile information security solutions and provide health technology products and solutions for the company´s customers.
Bittium responds to the constantly growing and changing information security requirements by monitoring global information security threats in real-time, by training employees, and by participating in Finnish, European, and international information security development projects.
Bittium´s method of ensuring the sustainability of product materials and the supply chain is described in the Corporate citizenship and sustainable business practices section.
Information Security Management
Ensuring information security constitutes such an integral part of Bittium´s business that the company has developed a specific management system, including a management group, for this purpose. Information security objectives and responsibilities as well as the resourcing of operations are defined in the system.
The management system covers information security-related policies, guidelines, and templates pursuant to the standards and requirements (ISO 27001, Katakri 2015, and FSC) as well as the requirements set by the customers and law. In practice, they completely cover the information security of the company´s operations and also the information security of the physical premises and employees.
Bittium has a real-time monitoring system for information security threats and the employees have also been trained to take responsibility for information security and report any information security threats they observe. Employees also receive training on the use of working methods and procedures that help maintain a high level of information security.
Product and life cycle risks are systematically assessed as part of the product development process. With respect to products, Bittium takes into account the safety and information security of materials and components as well as compliance with product liability regulations in the company´s target markets.
Objectives and Sustainable Development 2022
In terms of customer relationships, the key points related to Bittium´s sustainability theme "Confidential customer relationships and secure products" concern cooperation, customer understanding, and project management and, from a new viewpoint, product and service quality, for which the key metric is the number of severe quality defects. Customer and project satisfaction is measured through annual surveys, with separate objectives set for each area. In regard to information security threats, the principle of continuous development is applied to products and operations, but the more detailed objectives are the following four points, each of which is measured separately. The objectives are:
- Maintenance and development of information security certifications on the basis of audits.
- Detecting information security incidents and ensuring quick reactions and fixes.
- Continuous monitoring of principles and policies related to information security practices and providing training for employees.
- Improving the information security of own products and development of new technology.
The role of information security as a competitive factor is included in the new sustainability program for 2022–2025. In this area, Bittium aims to strengthen the company´s role in the recognition of information security threats and the utilization of information together with stakeholders, and the company also aims to participate in information security development projects and key forums at the EU level and otherwise.
Customer and Project Satisfaction
Bittium measures both customer and project satisfaction on an annual basis by using NPS, that is, Net Promoter Score. This year, the targets were NPS 49 for customer satisfaction and 48 for project satisfaction. In the annual customer satisfaction survey, the NPS increased to 50, and in the project satisfaction survey to 56.
For customer satisfaction, the assessed areas are the smoothness of cooperation, Bittium´s ability to understand the customer and general satisfaction with the product quality, whereas for project satisfaction, the key areas are the success of project management, the functioning of technical solutions, quality, and the outcome of the project. Both surveys provide information on product and service quality, the measuring criterion of which is the number of severe defects in each business area.
No severe quality defects were observed in 2022. The COVID-19 pandemic caused global problems in the availability of electronic components, which had a significant effect on Bittium´s ability to deliver products to its customers during the past year. In 2021–2022, the company took supply chain-related measures, which are described in more detail in the Corporate citizenship and sustainable business practices section.
Information Security Threats
Bittium has in place an information security management system based on the ISO 27001 standard, and the system was audited in 2022. In the audit, only one minor deviation was discovered, regarding which the necessary corrective actions have been taken. Bittium also updated the Statement of applicability policy, which is related to the ISO 27001 standard, with the policy specifying Bittium´s information security principles. Furthermore, Traficom conducted audits during the year in relation to technical information security.
During the year, 114 information security incidents were discovered, which is 19% less than in 2021. The deviations were minor by their nature and had no significant effects on Bittium´s operations.
In relation to information security, the employees were provided with self-study training related to the ISO 27001 standard and training that helps recognize phishing.
Vulnerability management was expanded during the year to new operational areas in connection with product development. In order to meet customer requirements, the number of vulnerability analyses that were carried out increased compared to previous years.
Information Security as a Competitive Factor
Bittium aims to strengthen its role in the recognition of information security threats and in the utilization of information together with the stakeholders, and the company also aims to participate in the information security development projects and key forums of the EU and other parties.
Each year, Bittium participates in many important Finnish, European and international research and development projects. Active participation in the industry´s development projects has a positive effect on the building of a sustainable society.
The iMUGS (integrated Modular Unmanned Ground System) project under the European Defence Industrial Development Programme (EDIDP), which started in 2020, develops new capabilities for the defense forces of European countries based on autonomous systems. In the project, Bittium is responsible for the execution of resilient and networked data transfer, including both tactical communications and data transfer over commercial 4G and 5G cellular networks. In the project, Bittium, as part of a consortium, demonstrated especially hybrid networking in the past year.
The CyberFactory #1 (CF #1) project, which ended in 2022, aimed to design, develop, integrate and demonstrate a set of key capabilities to promote the optimization and resilience of the Factory of the Future, Industry 4.0. The project involved pilot users and suppliers as well as research and academic organizations from seven countries. Bittium´s role was to develop cyber security architecture and capabilities in its products and manufacturing support systems, such as in device management solutions. The project received the ITEA Innovation Award in September 2022.
The end of 2022 saw the launch of the 5G Compad project (EDF, European Defense Fund), the purpose of which is to enable secure tactical communication solutions in the integration of defense infrastructure and 5G networks. Bittium is responsible for the specification of the information security architecture in the project.
During the year, Bittium also participated in the activities of a group of Finnish companies that focuses on information security threats and in multiple events where the tackling of information security deviations or technical capabilities were practiced. The Tieto22 exercise and the NATO Edge event in Brussels, Belgium, are some examples of past events. Bittium was part of the team of Finnish companies that won the international cyber defense exercise, Locked Shields 2022. https://ccdcoe.org/news/2022/finland-wins-cyber-defence-exercise-locked-shields-2022/
Product Information Management
Bittium has continued the development of product information management that began in 2020 and the deployment of related tools. The project involves checking that all existing product information is up-to-date. The system was deployed for the first products in 2022, but the work will continue in 2023.
Systems and Standards
Standards define the industry´s common operating methods that make life easier for the authorities as well as the companies in the industry. Standardization also makes it easier to promote global exports.
Certified integrated management systems are an important tool with which Bittium can improve its efficiency and reliability, transparency and customer satisfaction. Customers increasingly expect Bittium´s products and working methods to be standardized and certified.
Bittium had six certified systems in use at the end of 2022. All in all, more than 400 different standards, approximately 120 of them on a daily basis, are observed in Bittium´s operations. All of Bittium´s management systems are audited by an external party on an annual basis.
Bittium also applies product branch-specific product approval procedures, such as MDSAP (Medical Single Audit Program) in technology products intended for the medical field. The changes in procedures, products and approval processes arising from the EU Medical Device Regulation were taken into account in Bittium´s Medical Technologies business in 2022.
As proof of meeting the MDR requirements, Bittium Biosignals Oy was granted a quality system approval according to the MDR regulation by a classified institution in June 2022, and during the end of the year it was granted the first product approvals according to the MDR regulation. Bittium is well on schedule in implementing the earlier MDR regulation schedule (by May 2024) for Bittium´s products. However, it should be noted that the EU and national authorities have announced transition time extensions for the MDR regulation at the end of 2022, which will be confirmed around 2023.
The relevant industry standards are applied in the design of the electrical safety and performance features of Bittium´s products. Customer, country and market-specific requirements are also taken into account in hardware development.
The products are tested, verified and approved as part of the R&D process by both internal and external auditors. For example, in Europe, the products are required to carry the CE label and the related Declaration of Conformity (DoC).
Product development projects are also audited in accordance with the PSSL (Product Safety, Security and Liability) audit procedures as part of Bittium´s End Product Process (EPP) requirements. Employees receive PSSL product liability training.
Relevant Sustainable Development Goals by the UN
Bittium´s medical technology products, which improve modern healthcare and provide safety, efficiency, and cost savings, support sustainable development goal no. 3 (good health and well-being).