Criteria for Assessing the Information Security of Cloud Services (PiTuKri)

Our set of Criteria for Assessing the Information Security of Cloud Services (PiTuKri, abbreviated from its Finnish name, Pilvipalveluiden turvallisuuden arviointikriteeristö) is designed to ensure an adequate level of information security when public authorities’ classified data is processed using cloud-based services. Designed to meet Finland’s national needs, the criteria are intended for use by authorities to assess the security of cloud services.

You may freely use, share and edit the Criteria to Assess the Information Security of Cloud Services (PiTuKri) as longs as you name the original source. The criteria also refer to information from sources outside the National Cyber Security Centre Finland. When you use the criteria, please consider the holders of rights to such sources and the rights they may have.

We provide the criteria as they are published on this website.

Those using the criteria are responsible for any action they take based on the criteria, including services they provide to third parties.

We reserve the right to edit and amend the criteria and their conditions based on future needs. We will notify any changes on our website.