Services. Comprehensively.
Legal expertise and IT competence in one specialist.
NIS2 Screening — Fast Compliance Assessment⏱ 2–3 working days
Not sure whether NIS2 applies to you — or you know it does, but don't know where to start?
Fixed-scope gap assessment against E-ITS baseline controls. Deliverable: a 5-page board-level report with recommendations prioritised by personal liability exposure.
- Gap mapping against E-ITS baseline controls
- NIS2 applicability assessment by sector and company size
- 5-page board-level report in English
- Prioritised action plan — ordered by personal liability risk
Risk Management⏱ ~2–4 weeks to gap analysis
We build and manage your GRC programme from start to finish.
- Enterprise Risk Management (ERM) systems — design and implementation
- ISO 31000 / ISO 27005 implementation
- Risk analysis, risk registers and developing risk culture
- COSO ERM, NIST RMF, FAIR, COBIT, OCTAVE frameworks
IT Audit and Compliance⏱ ~3–4 months to ISO 27001
Your client, investor, or supplier demands an ISO 27001 certificate. And you have 3 months?
We take you to certification — quickly, in a structured way, and successfully.
- ISO 27001 audit and certification preparation
- E-ITS compliance alignment
- NIS2 and DORA compliance audits
- GDPR assessment and implementation
- Implementation and compliance check of baseline security controls
Cybersecurity and Threat Analysis⏱ ~2–3 weeks to report
You don't know who is targeting you, how they do it, or what data is at risk.
We analyse your threat landscape and strengthen your defence mechanisms.
- ISA/IEC 62443 — industrial automation and control systems cybersecurity
- Threat analysis and attack surface mapping
- OSINT-based investigations and vulnerability assessments
- Incident response procedures
Training and Awareness⏱ 1 day to training session
Your employees are your biggest security risk — not out of malice, but because no one taught them how to recognize threats.
We train your team to recognize and thwart modern attacks.
- Anti-social engineering training (B2B)
- Advanced cybersecurity training for management and staff
- RED TEAM: social engineering training and consulting (trade secret protection)
Data Processing Policy⏱ 2–3 working days
Every Estonian company that handles personal data needs this document. Most don’t have it — and the board is personally liable for that gap.
A GDPR Article 30‑compliant Records of Processing Activities (RoPA) document, drafted for your specific business.
- Mapping of all personal data processing activities across your organisation
- Legal basis, retention periods and data categories documented per processing activity
- Third‑party processor relationships identified and recorded
- Compliant with GDPR Art. 30 and Estonian DPA requirements
- Ready for immediate use — no further formatting or legal review needed
Separate service line
Google Workspace Solutions
Work environment, email and IT infrastructure — separate packages. View GWS packages →
Pricing Overview
All prices exclude VAT. Exact pricing depends on company size and scope.
| Service | From |
|---|---|
| Google Workspace migration + full setup | € 999 |
| GDPR GAP analysis assessment + report | € 1,500 |
| ISO 27001 readiness audit | € 3,500 |
| NIS2 compliance audit | € 4,000 |
| DORA GAP analysis | € 5,500 |
| Social engineering training (group up to 20) | € 1,200 |
| Data processing policy (GDPR Art. 30 compliant) | € 500 |
* Prices exclude VAT. Exact pricing depends on company size. Every new client starts with a free 30-minute discovery call.