When confidential information is transferred outside physically protected areas, the information should primarily be transmitted electronically over a network, protected with encryption products approved by the authority.

If this method is not used:

• confidential information must be transported on electronic media protected with encryption products approved by the authority (such as USB memory sticks, CDs, hard drives), or
• in other cases, in accordance with the authority's instructions.

In addition, for classification level IV, the following measures must be implemented:

• the material is packaged in a sealed envelope or equivalent; the outer envelope must not contain any indication of the classification level nor otherwise reveal that it contains confidential material (the envelope or equivalent must be opaque)
• the material is delivered domestically as regular post, as a registered letter, or in accordance with courier procedures approved by the authority for the relevant classification level; delivery abroad by post is only permitted based on separate approval from the authority
• only approved personnel are involved in the organization's internal mail handling chain
• the organization has identified requirements and established procedures for transferring specially protected information assets (such as encryption keys).

Requirements related to international classified information must be confirmed on a case-by-case basis with the Finnish Security Intelligence Service or the Defence Command.

When confidential information is transferred outside physically protected areas, the information should primarily be transmitted electronically over a network, protected with encryption products approved by the authority.

If this method is not used:

• confidential information must be transported on electronic media protected with encryption products approved by the authority (such as USB memory sticks, CDs, hard drives), or
• in other cases, in accordance with the authority's instructions.

In addition, for classification level III, the following measures must be implemented:

• the organization has identified requirements and established procedures for transferring specially protected information assets (such as encryption keys)
• the material is packaged in a resealable double envelope or equivalent; the outer envelope must not contain any indication of the classification level nor otherwise reveal that it contains confidential material (envelopes or equivalent must be opaque)
• the material is delivered domestically either as a registered letter based on separate approval from the authority or in accordance with courier procedures approved by the authority for the relevant classification level; delivery abroad by post is only permitted based on separate approval from the authority
• only approved and security-cleared personnel are involved in the organization's internal mail handling chain.

Requirements related to international classified information must be confirmed on a case-by-case basis with the Finnish Security Intelligence Service or the Defence Command.

When confidential information is transferred outside physically protected areas, the information should primarily be transmitted electronically over a network, protected with encryption products approved by the authority.

If this method is not used:

• confidential information must be transported on electronic media protected with encryption products approved by the authority (such as USB memory sticks, CDs, hard drives), or
• in other cases, in accordance with the authority's instructions.

In addition, for classification level II, the following measures must be implemented:

• the organization has identified requirements and established procedures for transferring specially protected information assets (such as encryption keys)
• only approved and security-cleared personnel are involved in the organization's internal mail handling chain
• the material is packaged in a resealable double envelope or equivalent; the outer envelope must not contain any indication of the classification level nor otherwise reveal that it contains confidential material (envelopes or equivalent must be opaque); the inner envelope must be sealed, and the recipient must be instructed to check the integrity of the seal and immediately report any suspected compromise
• the material is delivered domestically and abroad in accordance with courier procedures approved by the authority for the relevant classification level

Requirements related to international classified information must be confirmed on a case-by-case basis with the Finnish Security Intelligence Service or the Defence Command.