Data Privacy and Security by Design at Posti Group Oyj

Posti Group Oyj is a leading delivery and fulfilment company in Finland, Sweden and Baltics, visiting around three million households and companies every weekday. Advisense was selected as a partner to conduct a data privacy and security audit in Digital Services Development at Posti. 

Advisense conducted an audit on privacy and security by design in digital development. The objective was to assess the adequacy of governance and policy framework, processes, and control activities in digital development of consumer-facing applications throughout the system lifecycle. The aim was to provide effective and actionable recommendations for improvements.  


The purpose of the audit was to provide Posti with a clear view of the status of privacy and security by design across the organisation. This included privacy and security governance, development processes and application level. The audit required deep subject matter expertise in order to assess implementation of various privacy and security requirements across different development activities including understanding of compliance requirements and best practices in data protection and information security.  


The project team combined subject matter experts in privacy and security with audit professionals to ensure high reporting quality and a thorough understanding of complex requirements. The collaborative and interdisciplinary team played a key role in conducting a successful audit covering privacy and security by design, from regulations and best practices to processes and implementation, leading to the project’s success. 


By combining Advisense’s expertise and audit approach for privacy and security by design with the client’s clear instructions and diligent planning, we achieved a successful audit project. Posti Group Oyj received valuable findings and actionable recommendations from the audit, empowering them to enhance compliance in their digital operations and effectively mitigate risks. 

The project team’s professional and proactive approach enabled a smooth and effective audit process. Posti received valuable insights and development recommendations to improve its privacy and security controls in its digital services. I especially appreciated the quality of the audit report produced by the project team.

– Päivi Karhu, Director, Internal Audit, Posti Group. 

The purpose of internal audit is to give objective and structured feedback, that leads to change. In this complex world, we need to be able to provide audits that are supported by the best possible subject matter expertise. That enables us to provide high quality information that helps the client develop their processes to be stronger to meet the challenges in an efficient way.

– Joonas Värtinen, Director, Audit & Control, Advisense 

Read more of our client stories here.