Katakri refers to the set of National Security Auditing Criteria that serve to evaluate an organization's ability to protect classified information of authorities. Katakri is also used as a tool in conducting Facility Security Clearance (FSC). We help organizations develop their environment in all Katakri areas.
A new version of Katakri, Katakri III, has been issued. Its predecessor, Katakri II, was released in 2011 as a clear continuum for the first Katakri version published in 2009. However, Katakri III represents such a radical change that it is a new set of criteria rather than a revision. 
The most significant change presented by the new Katakri version is its focus on risks, requiring organizations to evaluate their risks and select protective measures accordingly. In this respect, Katakri is approaching the ISO 27001 standard.
Nixu has experience in environments and their development in all Katakri areas: security management, physical security, and technical information security. We have helped organizations of different sizes within a number of business fields. Through good consulting and an exhaustive risk evaluation, you can effectively do what is right and prepare for the actual audit. Investing a few days in risk evaluation may result in significant cost savings when building protective controls.
Nixu offers help in the following areas:
  • Risk assessment consulting
  • Interpretation of requirements on the basis of risk evaluations
  • Planning protective measures
  • Documentation and process development
  • Pre-audits and planning corrective measures
Nixu's extensive experience in various criteria also enables organizations to develop their operations in line with the VAHTI, PCI DSS or ISO 27001 standards. Thanks to overlapping requirements, this can cost-efficiently be done at the same time.
If you need to develop your organization or services to correspond with Katakri, we are happy to help you. We offer consulting in all areas from an administrative and technical point of view, not forgetting business needs!
Nixu's subsidiary Nixu Certification Oy has applied for the status of a certification body which is able to carry out Katakri and VAHTI audits aimed at certification, as well as ISO 27001 certifications.
Security management
  • Documentation
  • Processes
  • Policies
Physical security
  • Facility security
  • Access control
  • Structural security
Technical information security
  • Data system security
  • Data network security
  • Access management

Nixu Catalyst

Service to maintain and improve compliance status continuously.
Read more

The Finnish government’s information security levels and ICT contingency planning

Ensuring compliance with the Finnish Vahti guidelines and information security regulations.
Read more

Security Information and Event Management (SIEM)

Operational view to status of information security.
Read more