PiTuKri compliance software for Finnish public-sector cloud.

Traficom's PiTuKri criteria pre-loaded across governance, personnel, physical, technical, supply chain and incident handling. ISO 27001 mapping, BYOK key-management option, NCSC-FI contact wired into the IR runbook, Finnish-data-location declarations. Built for cloud providers selling into Finnish state, municipalities, hyvinvointialueet and Kela-supervised programmes.

What is PiTuKri?

PiTuKri - Pilvipalveluiden Turvallisuuden Kriteerit - is the cloud-security criteria document published by Traficom (the Finnish Transport and Communications Agency). It is what the Finnish public sector uses to evaluate cloud services before procurement. PiTuKri builds on ISO 27001/27017/27018 and adds Finland-specific overlays on sovereignty, data location and NCSC-FI incident handling.

Who needs to comply

  • Cloud providers selling into Finnish state agencies
  • Cloud providers serving municipalities and the new hyvinvointialueet (welfare regions)
  • SaaS handling Kela-supervised programmes
  • EU SaaS providers wanting Finnish-public-sector procurement readiness

Key PiTuKri capabilities in Dazr

  • Hallinto (governance): Policy, roles, risk register feeding both PiTuKri and ISO.
  • Henkilosto (personnel): Background screening, annual training, quarterly phishing simulations.
  • Salaus (encryption): AES-256 at rest, TLS 1.2+ in transit. BYOK option.
  • Tietoturvavalvonta (security monitoring): SOC use-cases mapped to MITRE ATT&CK.
  • Alihankkijat (subcontractors): Sub-processor register with annual review.
  • NCSC-FI IR: Incident runbook with NCSC-FI contact and Traficom notification path.

What auditors look for

The customer (a Finnish public-sector buyer) or an external assessor walks the PiTuKri criteria, particularly the sovereignty / data-location declaration and the incident-handling alignment with NCSC-FI. Dazr keeps the workspace audit-ready year-round.

How Dazr helps with PiTuKri

  • Pre-loaded controls across all PiTuKri dimensions
  • Run PiTuKri alongside ISO 27001, CSA CCM and BSI C5 in one workspace
  • Sub-processor register with PiTuKri / equivalent status
  • NCSC-FI contact and notification template in the IR runbook
  • Hand the buyer a read-only view or a single-PDF audit trail

PiTuKri questions, answered.

What is PiTuKri?

The cloud-security criteria published by Traficom (the Finnish Transport and Communications Agency). Used by the Finnish public sector to evaluate cloud-service providers.

Who uses PiTuKri?

Finnish state agencies, municipalities, hyvinvointialueet and Kela-supervised programmes whenever they procure cloud. Providers prepare against PiTuKri to win those contracts.

How does PiTuKri relate to ISO 27001?

PiTuKri builds on ISO 27001/27017/27018 and adds Finland-specific overlays on sovereignty, data location and NCSC-FI incident handling.

Where is data hosted?

European Union only. AES-256-GCM at rest. EU jurisdiction.

Ready to start your PiTuKri programme?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.