National Standards

National standards

Meeting national requirements is a prerequisite for cooperation with authorities and handling classified information. These requirements particularly apply to companies and organizations operating in critical sectors such as defense, security, ICT, and public administration.

Savia ensures that an organization meets national requirements and is prepared for official audits. Without sufficient preparation months in advance, it is impossible to meet the necessary requirements, which at worst can lead to delays in the organization’s operations. It is advisable to pass the audit conducted by the assessment body on the first attempt, as a re-audit opportunity may not be available for a long time.

Savia’s team has 15 years of experience in designing, implementing, and maintaining the requirements of various national security classifications in security-critical organizations. In addition, Savia has hands-on experience with NATO requirements and the accreditation process. Our experience in implementing security requirements ensures that Savia’s client organizations meet the requirements before the audit and are ready to proceed without delays.

NATIONAL STANDARDS

KATAKRI

The National Security Audit Criteria (KATAKRI) is a tool developed by Finnish authorities to assess an organization’s ability to protect classified information. It consolidates the minimum requirements based on national regulations and international obligations.

Savia supports its clients in preparing for KATAKRI audits by offering expertise in understanding and applying the criteria’s requirements. This includes evaluating the organization’s security arrangements, identifying risks, and planning the necessary actions to ensure compliance.

Savia’s team includes certified KATAKRI lead auditors, ensuring that our pre-audits interpret the requirements correctly, identify and assess risks accurately, and implement measures to reduce those risks to an acceptable level.

PITUKRI

The Cloud Service Security Evaluation Criteria (PITUKRI) has been developed to guide the assessment of cloud service security. It provides a method for evaluating the implementation of security requirements in cloud services and helps organizations ensure that their cloud solutions meet established security standards.

Savia supports organizations in achieving PITUKRI compliance by analyzing existing cloud service solutions, identifying potential gaps, and, if necessary, implementing improvements in collaboration with the client. This ensures that our clients can trust their cloud services are secure and compliant with the required standards.

JulKRI

The Information Security Evaluation Criteria for Public Administration (JulKRI) is designed to support the development and assessment of information security in public sector organizations. It includes a comprehensive set of criteria based on legislation, international standards, and other information security recommendations.

Savia assists its clients in navigating the requirements of the JulKRI framework by providing expert support throughout the evaluation process, identifying areas for improvement, and implementing necessary measures to enhance information security. This ensures that organizations effectively meet the information security requirements of the public administration sector.

NATO Classifications

NATO Information Security Standards (NATOT) set strict requirements for organizations handling NATO-classified information. Compliance with these standards is essential to ensure the security and confidentiality of information in international contexts.

Savia offers its clients extensive experience and expertise in the NATO accreditation process, including fulfilling hundreds of specific requirements. Savia helps organizations prepare for the process by identifying the applicable standards and implementing the necessary measures to meet them. This collaboration ensures that clients are fully prepared to comply with NATO’s information security requirements.

CERTIFICATION

ISO 27001 Advisory and Certification

ISO/IEC 27001 is an international standard that defines requirements for an information security management system. With certification, the company shows that it manages information security risks systematically and that security development is a driven process.

We help you prepare for ISO 27001 certification. Savia can also carry out the company's certification process in accordance with the standard in its entirety.

INFORMATION SECURITY

Jyri Penttinen

Partner, Information Security

+358 (0)50 544 2522 | firstname@savia.fi

Contact

Language