E-ITS and ISO27001 Advisory

OIXIO Cyber comes to the rescue and helps you align with E-ITS (Estonian Information Security Standard) or ISO27001 standards.

Who is it for?

The responsibility for implementing E-ITS lies primarily with Estonian public authorities. However, as an alternative to E-ITS, implementing the ISO27001 standard is also permitted. ISO27001 is a widely recognised international standard that could also be the hygiene standard for any private sector company today in managing information security and raising the level of cyber security.

What problems or needs does it solve?

Why is the Estonian Information Security Standard (E-ITS) necessary?

  • Every head of an institution is responsible for the security and continuity of their own organisation’s data and information systems! Should a cyber incident occur, it is the manager who must report to the public. By implementing E-ITS, the risk of a cyber incident can be minimised.
  • Obviously, the primary responsibility for E-ITS compliance lies with the providers of vital services (CSPs) and essential services (ISPs), but the Cybersecurity Act also means that approximately 3000 institutions in Estonia need to align themselves with the new information security standard and undergo a certification process.
  • The RIA actively monitors E-ITS duty-holders and, where necessary, imposes sanctions, publicly reporting injunctions and decisions resulting from non-compliance with E-ITS requirements. The maximum penalty payment resulting from non-compliance with E-ITS requirements may amount to €20 000 per day.

Why is the ISO27001 standard necessary?

  • A systematic and comprehensive basis for the implementation and day-to-day management of information security governance.
  • Helps companies identify and prevent security risks and mitigate business risk from cyber threats.
  • It is a generally accepted international standard, which is also known and accepted outside Estonia.
  • ISO27001 certification raises your company’s profile and gives you a competitive edge in the business world – it’s a simple way to prove (e.g. to external partners or customers) that your company has a high level of cyber security.
  • Implementing an information security management system may seem costly initially, but in the long run, implementing ISO27001 will lead to cost savings, as the damage caused by a cyber incident is usually many times greater.

Why OIXIO Cyber?

  • The OIXIO Cyber team has years of experience in information security management and implementation of various standards for both larger and smaller Estonian private and public sector companies.
  • We are not only theorists, but also very strong practitioners who can actually implement the necessary measures and keep them up and running.
  • OIXIO offers a complete IT infrastructure and cyber security solution, making the implementation of standards much easier and faster, as everything can be done with just one partner.

How do we help?

We can help you with the implementation of the E-ITS or ISO27001 standard in several ways.

  • We advise and help you prepare for a certification audit.
  • We create the necessary documentation and processes.
  • We develop an information security policy.
  • We carry out a risk analysis and prepare a risk management plan.
  • We identify and implement the necessary technical measures.
  • We provide training.
  • We carry out internal audits.

Our experience

We have years of experience in conducting cyber security audits, risk assessments and implementing and maintaining information security management systems on a day-to-day basis.

If you would like to ask any of our existing clients for feedback on our capabilities, please let us know and we will arrange a contact/meeting.