Skip to main content

Enfo first company in Finland to have the assessment under the Katakri2020 criteria

Content sections


On September 24, 2021, Enfo became the first company in Finland to achieve security assessment classification level III under the national Katakri2020 audit criteria. The assessment covers subdivisions on security management (T) and the physical security (F) of its data centers.

Katakri is the Finnish authorities’ information security auditing tool, which an authority can use to assess the target organization’s capability to protect national and international classified information. Enfo’s interest in Katakri arose from the needs of its customer base.

“Our customers include organizations that need to store, process and protect national and international classified information. Completing this assessment and obtaining this classification means that we can collaborate with our customers in the offering and development of such services. The latest version of the criteria was published in December 2020, and we wanted to have our operations assessed according to the latest criteria”, says Altti Heinonen, Director, Security & Governance at Enfo.

According to Heinonen, assessments and certificates are more than just impressive pieces of paper to hang on your wall: they help us ensure the confidentiality, integrity, and availability of Enfo’s own and our customers information.” The Katakri2020 assessment gives us a neutral third-party opinion on the state of information security at Enfo. It is also a great complement to the ISO27001 certificate, which we are currently in the process of expanding in our personnel and in the organization.”

High-quality security management and physical security

In the first phase, the Katakri2020 assessment covers subdivisions security management (T) and physical security (F). Security management covers matters such as personnel security and recruitment policies and guidelines, as well as the capability of Enfo’s personnel to follow good information security practices in the performance of their duties. Physical security, on the other hand, concerns Enfo’s data center environment, facilities and access control.” We set out to achieve security classification level III in these areas, and that is precisely what we did”, Heinonen says.

In the next phase, Enfo will apply for the assessment of its technical information security. Assessments of this aspect will be more precise and targeted at individual customers and systems, including their configurations and specifications.

Enfo's partner in the Katakri2020 assessment is Nixu Certification Oy.