EAA: Traficom supervises consumer-service accessibility from 28 June 2025.

Toiste

Security & trust

A management layer for regulated customer journeys — with security and auditability baked in.

Toiste isn't just an accessibility tool; it's a management layer over critical consumer journeys. EU-region data handling, role-based access, audit logs and a verifiable evidence trail sit at the core of the product — not as add-ons.

Toiste sees where customer journeys get fixed, who is fixing them and on what schedule. That is a serious governance responsibility, and the product is designed for it: data in the EU, RBAC and an audit log as standard, a DPA available, and no payment-card or personal data stored. Procurement and security reviews pass on the same principles we would demand ourselves.

Data handling

Finding data is stored in the EU. Role-based access control (RBAC), audit log and tokenized API access as standard. Administrators can see who viewed what and when.

GDPR

We operate as a processor under your instructions. Data Processing Agreement (DPA) available on request. Processing basis and privacy notice documented.

ISO 27001 roadmap

Security controls documented toward certification. The roadmap is shared with regulated customers during procurement.

What we store

Static screenshots, CSS selectors, HTTP paths — only what is needed for remediation. No payment-card or personal data stored.

Auditable evidence trail

Continuous timeline of audits, fixes, regressions and feedback responses. Downloadable evidence pack for audits, internal reporting and regulatory review.

Our own accessibility

The Toiste product is itself tested against EN 301 549. We maintain our own accessibility statement and feedback process the same way our customers do.

Regulatory anchors

Built for continuous governance under the Digital Services Act, EN 301 549 and WCAG 2.2 AA.

EN 301 549

Every finding mapped to a clause in the European harmonized standard.

WCAG 2.2 AA

Criteria documented at journey and component level.

Digital Services Act (FI)

Scope, obligations and exemptions reflected in both content and workflow.

Traficom supervision

Keeps the accessibility statement, feedback channel and 14-day response audit-ready.

GDPR · EU data processing

Finding data stays in the EU. RBAC and audit log by default.

ISO 27001 roadmap

Security controls documented toward certification; the roadmap is shared with pilots.
