Overview
Sotender is a SaaS platform for healthcare shift & gig staffing operated by Koivu Solutions Oy.
- ✓Hosting & data residency
Runs on Google Cloud.
- ✓Identity & auth
SSO via Microsoft/Google.
- ✓Independent security testing
External application security audit.
Need signed evidence? Contact support@koivusolutions.com and we’ll provide documentation under NDA.
- ISO/IEC 27001
Information Security Management System
- GDPR
Data protection by design & processor obligations
- Digi-HTA
Finnish health tech assessment. Public record: oys.fi/fincchta/en/arviot/7387/
Compliance
ISO/IEC 27001:2022
- ✓ISMS & Annex A coverage
Documented policies and procedures across A.5–A.8 (org, people, physical, technological).
- ✓Incident response
Defined security incident process with containment, comms & post-incident review.
- ✓Business continuity & DR
Backups, regional storage, recovery testing and BIA in place.
- ✓Secure SDLC
SDLC policy, code reviews, and pen tests by independent auditor.
- ✓Internal audits & management reviews
Planned internal audits with corrective actions; management reviews track ISMS performance and approve the SoA.
GDPR
- ✓ROPA & TOMs
Record of Processing with access control, encryption, logging/monitoring & retention.
- ✓DPA with customers
Standard data processing agreement available (processor role for SaaS tenants).
- ✓DPIA template
Template available for controllers to assess use of Sotender where required.
- ✓Breach handling
Breach register & incident workflow (incl. customer notification support).
- ✓Privacy risk management
Maintained privacy risk register; PII/Privacy policy embedded in ISMS.
Controls
Legend: ✅ Implemented & in use at Koivu (policy/process + operating practice).
Subprocessors
| Subprocessor | Location | Role/Purpose | Data categories | Transfers |
|---|
International transfers to the US (where applicable) rely on DPF/SCCs. All application data & backups remain in EU regions.
Documents (request access)
For security reasons, we don’t publish evidence links here. Please email support@koivusolutions.com to request documents.
AI Assisted Security
We use security-focused AI assistants to keep our ISMS, product and privacy practices sharp in everyday work. These assistants provide guidance, training, and guardrails while keeping customer data protected.
- ✓ISO27001 Security Trainer
Bite-size training and refreshers mapped to ISO/IEC 27001:2022 Annex A controls.
- ✓Personal Data Privacy Trainer (GDPR)
Interactive GDPR coaching for everyday scenarios, DSRs, lawful basis and minimisation.
- ✓Sotender Security Assistant
Answers Sotender security and terms questions and helps prepare customer responses.
- ✓ISMS Security Advisor
Q&A on Koivu ISMS policies, risk management, incidents, BCP/DR and audits.
- ✓ISO27001 Security Policy Writer
Assists with drafting/updating policies and procedures aligned to ISO/IEC 27001:2022.
- ✓Sotender Configuration Assistant
Guides secure configuration of Sotender settings and tenant-level options.
Access to these assistants is available for customers and auditors upon request. Contact support@koivusolutions.com.
Outcomes (Digi‑HTA)
Independent Digi‑HTA assessment includes real‑world evidence from the Wellbeing Services County of Ostrobothnia (Oct 2022 → Oct 2024). Public record: oys.fi/fincchta/en/arviot/7387/
- ✓Lower labour costs
Sharp reduction in agency, overtime and urgent work compensation.
- ✓Improved staffing availability
~4,700 registered gig workers; 96.7% of shifts booked via Sotender.
- ✓Time savings for supervisors
Recruiting time 25% → 10%; contract admin 20% → 5% of working hours.
Before vs. After (Ostrobothnia)
| Metric | Oct 2022 (before Sotender) | Oct 2024 (with Sotender) |
|---|
Additional research indicates Sotender data supports knowledge‑based management and visualisation for recruitment planning and reporting.
Others
- ✓Accessibility Statement (WCAG / EN 301 549)
sotender.fi/saavutettavuusseloste/
- ✓Privacy Policy
sotender.io/privacy-policy/
- ✓Environmental, Social, Governance (ESG)
Annual ESG summary and key indicators. Available on request from support@koivusolutions.com.