Overview
Sotender is a SaaS platform for healthcare shift & gig staffing operated by Koivu Solutions Oy.
- ✓ Hosting & data residency
  Runs on Google Cloud.
- ✓ Identity & auth
  SSO via Microsoft/Google.
- ✓ Independent security testing
  External application security audit.
Need signed evidence? Contact support@koivusolutions.com and we’ll provide documentation under NDA.
- ISO/IEC 27001
  Information Security Management System
- GDPR
  Data protection by design & processor obligations
- Digi-HTA
  Finnish health tech assessment. Public record: oys.fi/fincchta/en/arviot/7387/
Compliance
ISO/IEC 27001:2022
- ✓ ISMS & Annex A coverage
  Documented policies and procedures across A.5–A.8 (org, people, physical, technological).
- ✓ Incident response
  Defined security incident process with containment, comms & post-incident review.
- ✓ Business continuity & DR
  Backups, regional storage, recovery testing and BIA in place.
- ✓ Secure SDLC
  SDLC policy, code reviews, and pen tests by independent auditor.
- ✓ Internal audits & management reviews
  Planned internal audits with corrective actions; management reviews track ISMS performance and approve the SoA.
GDPR
- ✓ ROPA & TOMs
  Record of Processing with access control, encryption, logging/monitoring & retention.
- ✓ DPA with customers
  Standard data processing agreement available (processor role for SaaS tenants).
- ✓ DPIA template
  Template available for controllers to assess use of Sotender where required.
- ✓ Breach handling
  Breach register & incident workflow (incl. customer notification support).
- ✓ Privacy risk management
  Maintained privacy risk register; PII/Privacy policy embedded in ISMS.
Controls
Legend: ✅ Implemented & in use at Koivu (policy/process + operating practice).
Subprocessors
| Subprocessor | Location | Role/Purpose | Data categories | Transfers |
|---|---|---|---|---|
International transfers to the US (where applicable) rely on DPF/SCCs. All application data & backups remain in EU regions.
Documents (request access)
For security reasons, we don’t publish evidence links here. Please email support@koivusolutions.com to request documents.
AI Assisted Security
We use security-focused AI assistants to keep our ISMS, product and privacy practices sharp in everyday work. These assistants provide guidance, training, and guardrails while keeping customer data protected.
- ✓ ISO27001 Security Trainer
  Bite-size training and refreshers mapped to ISO/IEC 27001:2022 Annex A controls.
- ✓ Personal Data Privacy Trainer (GDPR)
  Interactive GDPR coaching for everyday scenarios, DSRs, lawful basis and minimisation.
- ✓ Sotender Security Assistant
  Answers Sotender security and terms questions and helps prepare customer responses.
- ✓ ISMS Security Advisor
  Q&A on Koivu ISMS policies, risk management, incidents, BCP/DR and audits.
- ✓ ISO27001 Security Policy Writer
  Assists with drafting/updating policies and procedures aligned to ISO/IEC 27001:2022.
- ✓ Sotender Configuration Assistant
  Guides secure configuration of Sotender settings and tenant-level options.
Access to these assistants is available for customers and auditors upon request. Contact support@koivusolutions.com.
Outcomes (Digi‑HTA)
Independent Digi‑HTA assessment includes real‑world evidence from the Wellbeing Services County of Ostrobothnia (Oct 2022 → Oct 2024). Public record: oys.fi/fincchta/en/arviot/7387/
- ✓ Lower labour costs
  Sharp reduction in agency, overtime and urgent work compensation.
- ✓ Improved staffing availability
  ~4,700 registered gig workers; 96.7% of shifts booked via Sotender.
- ✓ Time savings for supervisors
  Recruiting time 25% → 10%; contract admin 20% → 5% of working hours.
Before vs. After (Ostrobothnia)
| Metric | Oct 2022 (before Sotender) | Oct 2024 (with Sotender) |
|---|---|---|
Additional research indicates Sotender data supports knowledge‑based management and visualisation for recruitment planning and reporting.
Others
- ✓ Accessibility Statement (WCAG / EN 301 549)
  sotender.fi/saavutettavuusseloste/
- ✓ Privacy Policy
  sotender.io/privacy-policy/
- ✓ Environmental, Social, Governance (ESG)
  Annual ESG summary and key indicators. Available on request from support@koivusolutions.com.