The first Finnish audit criteria for cloud services released – PiTuKri improves cloud security

Nixu Corporation
Press release, June 5, 2019 at 10.00 am EEST

The Finnish National Cyber Security Centre (NCSC) has released new audit criteria for cloud services called PiTuKri. The implementation of the criteria improves security in situations where authorities process classified information in the cloud. 

National criteria for secure cloud released

Katakri, the national security audit criteria (kansallinen turvallisuusauditointikriteeristö), has been a suitable auditing tool for authorities in Finland for over a decade now. However, the fact that Katakri does not consider the particularities of cloud environments constantly underlined the need for a modern auditing tool amid growing adoption of cloud computing in many industries.

The Finnish Ministry of Finance has advised public sector to utilize cloud services but to take into account information security. PiTuKri (Pilvipalveluiden turvallisuuden arviointikriteeristö) can be used in an acquisition of a new cloud service or when assessing operational cloud environment’s security. 

Nixu contributing to the creation

Nixu has a strong background in secure cloud services. Nixu has taken part in developing the European Security Certification (EU-SEC) framework, creating concepts for European security verification. In addition, Nixu Certification, an information security inspection body, is an accredited CSA STAR (Cloud Security Alliance,Security Trust Assurance and Risk) andKatakri auditor. 

Based on this experience, Nixu contributed to the PiTuKri development process by commenting the framework along the way. 

Next steps towards safe digitalization

Nixu Certification is already working on a first cloud service assessment utilizing PiTuKri. This attests to a strong demand for the criteria.

”We’ve invested in building a solid foundation for secure cloud in the EU-SEC framework. I’m happy that we can make a valuable impact on the national criteria as well,” says Niki Klaus, Managing Director of Nixu Certification.

The security requirements for cloud services are under constant re-evaluation. NCSC will collect feedback for further updates. The criteria will soon be published in Swedish and English. 


Nixu Corporation

Further information:
Managing Director Niki Klaus, Nixu Certification
Telephone +358 50 394 8996, e-mail:

main media

Nixu in brief:

Nixu is a cybersecurity services company on a mission to keep the digital society running. Our passion is to help organizations embrace digitalization securely. Partnering with our clients we provide practical solutions for ensuring business continuity, an easy access to digital services and data protection. We aim to provide the best workplace to our team of nearly 400 cybersecurity professionals with a hands-on attitude. With Nordic roots we serve enterprise clients worldwide. Nixu shares are listed on the Nasdaq Helsinki stock exchange.

Nixu Certification is a certification body as well as an information security inspection body accredited by FINAS and Traficom. We focus exclusively on information security certification audit services providing a comprehensive audit service portfolio. Our audit portfolio consists of standards such as ISO 27001, Katakri, VAHTI, Kanta, PCI DSS and CSA STAR.