Frequently Asked Questions
How is HoneyLake™ different from a standard IT consultant?
Standard IT consultants focus purely on technical configurations. HoneyLake™ combines legal expertise (University of Tartu) and certified IT auditing, allowing us to mitigate both legal risks and technical vulnerabilities simultaneously.
Do you only work with Estonian companies?
No, we have over 20 years of risk management experience across Estonia, Spain, and the United Kingdom. We serve clients throughout the European Union and can conduct audits and consulting in Estonian, English, Russian, and Spanish.
How long does an initial GRC or NIS2 audit take?
An initial gap analysis typically takes 1 to 3 weeks, depending on the size of the organisation and complexity of the systems, resulting in a concrete and legally sound action plan.
Do you also offer consulting related to the DORA regulation?
Yes, we help financial sector companies and their IT service providers align their systems and risk management processes with the DORA (Digital Operational Resilience Act) requirements.
What is E-ITS and does my company need to consider it?
E-ITS is the Estonian Information Security Standard. It is mandatory for state institutions and vital service providers, but also highly recommended for the private sector seeking to build a systematic and secure IT environment.
Do you also assist with GDPR (data protection) matters?
Yes. Because our team includes legal expertise, we can tie data protection requirements directly to IT security measures, ensuring both legal compliance and technical data protection.
Which frameworks do you work with most?
Our primary tools are ISO 27001 (information security), ISO 31000 and 27005 (risk management), NIS2, DORA, COSO ERM, and NIST RMF. We always choose the framework that fits your company's size and goals.
What does the ISO 27001 certification process look like with you?
We start by mapping the current situation, create the necessary documentation and processes, implement security measures, and conduct an internal audit to ensure you are ready to pass the external audit (e.g., by PECB).
Do you also conduct employee cyber hygiene training?
Absolutely. We offer practical social engineering and cyber awareness training that helps employees recognise phishing attacks and other daily threats.
Do I have to buy a monthly management service or do you also do one-off projects?
We offer both. We can step in for a one-off audit or implementation project, but many clients prefer our monthly virtual Chief Information Security Officer (vCISO) service.
How is my company's data kept secure during the audit?
Security and confidentiality are in our DNA. We always sign a strict NDA (Non-Disclosure Agreement) and use only encrypted and secure data exchange channels during the audit.
What does the initial consultation cost and what does it include?
The first 15-minute Google Meet consultation is always free. During this call, we map your primary concern or goal and assess if and how we can create the most value for you.