Secure, Compliant, and Trusted Networking Solutions

We are committed to delivering the highest level of security. Our Tosi Gateways and Key hardware tokens are CE marked and additionally, we are certified with ISO27001 and ISO9001. Tosi is built on secure-by-design principles, ensuring that our devices offer robust protection against modern cybersecurity threats while meeting all upcoming regulatory requirements.

If you require more information or technical assistance, please contact Tosi Global Technical Support: support@tosi.net

Information Security Policy

Tosi is committed to:

• Operating in accordance with the ISO 27001 information security standard,
• Investigate all reports of security vulnerabilities affecting our products and services, and
• Promote cybersecurity in all our operations.

Compliance with ISO 27001 includes regular security audits conducted both internally and externally. In the scope of information security management system are offices in Oulu, Finland and all services provided from Finland by Tosi - legal Tosibox Oy.

The information security objectives are:

• Safeguard the confidentiality of customers' information and other sensitive data. In the event of a security breach, the utmost priority is to ensure that the breach is promptly detected and reported.

• Product development is using documented Secure Development Lifecycle (SDLC) process. Throughout the product lifecycle, strict adherence to secure coding practices and guidelines is implemented. Identify applicable legislation and ensure compliance with data protection laws, industry regulations, and customer-specific requirements during the design, development, and delivery of products.
• The Information Security Management System is in use and tailored to meet the specific needs of the company.

Tosibox has a cybersecurity team and an officer responsible for monitoring and improving information and cybersecurity as part of Tosi's daily operations. Cybersecurity team and the officer report to company CEO and the executive management team.

The entire Tosi staff regularly participates in information and cybersecurity training provided by the company. Every employee is obligated to promptly report security anomalies according to defined internal processes.

All material available on the public web site is labelled public and can be freely distributed. Classified information will be shared only under the NDA with the relevant parties.