What we actually do

A new business owner came to us the day before their first client meeting. They had no business-domain email, no document management, and no security controls in place.

Within 24 hours we deployed a complete Google Workspace environment: business-domain email for all users, MFA on every account, secured Drive sharing rules, DMARC/DKIM/SPF for domain reputation protection, and role-based admin tooling.

The client walked into their first meeting with a professional business email, secure file sharing, and the confidence that their digital identity was protected.

An established company had used their hosting provider's email for years. That meant slow servers, weak spam filtering, and no MFA support. They knew migration was necessary — but feared data loss and downtime.

We planned the migration in stages: first DNS preparation and Google Workspace account creation, then gradual email history migration via IMAP, finally MX record cutover at a precisely timed moment.

The result: complete email history in the new system, users trained, DMARC and DKIM configured, and the domain switched without a single message going missing.

One of our clients was handling dozens of repetitive requests every week: contract approvals, report generation, internal team notifications. Each task took time individually, but none were complex.

We deployed Google Workspace AI tools combined with Apps Script automation: Gemini AI-assisted drafting in Gmail, automated workflows from Google Forms into Sheets and Drive, and a notification system routing the right information to the right person without manual intervention.

The result: staff reclaimed an average of 4 hours per week from repetitive tasks. The IT lead received automated security event summaries directly to their inbox.

A company came to us for "just an email migration." The initial assessment revealed a bigger picture: outdated DNS settings, no DMARC, employee accounts without MFA, and admin rights spread across too many people.

We expanded the scope together by mutual agreement. Alongside the standard migration, we ran a full Google Workspace security review: audited all admin permissions, configured Data Loss Prevention (DLP) rules, enabled Google Workspace security logs, and produced a short action plan for the road toward ISO 27001.

A mid-sized IT services company received a demand from a major client: ISO 27001 certification within 6 months. Management did not know where to start or how far they actually were from the goal.

We conducted a thorough gap analysis — reviewing all 93 ISO 27001:2022 controls, interviewing key personnel, and assessing existing documentation. Within three weeks, the client had a clear action plan: what is in order, what needs attention, and what needs to be built from scratch.

The client entered the certification process with a precise timeline and budget — no surprises.

An e-commerce company had been operating for years without a formal data protection structure. A questionnaire from the supervisory authority triggered a panic: where is the data processing register? Which suppliers have signed data processing agreements?

We mapped all personal data flows — customers, employees, suppliers. We built a complete Record of Processing Activities (ROPA), audited all third-party contracts against GDPR requirements, and completed the missing DPAs. Also included: an updated privacy policy and a short staff training session.

A financial intermediary wanted to understand whether and how NIS2 would affect their operations — before the law comes into force in Estonia. Management feared they would need full ISO 27001 certification, which would have been costly and time-consuming.

We assessed NIS2 applicability, sector classification, and existing security controls. The finding: the company is an important entity under Annex II, but already has approximately 70% of the required measures in place. We produced a focused gap list and a 90-day action plan.

A manufacturing company needed a mandatory risk assessment for ISO 27001 certification, but their internal team lacked the methodology. The existing "risk register" was an Excel sheet with no methodology or prioritisation.

We conducted a full information security risk assessment per the ISO 27005 methodology: asset inventory, threat and vulnerability identification, risk evaluation and prioritisation, risk treatment plans. The final document met certification body requirements on first submission.

A healthcare sector company learned that NIS2 requires reporting significant incidents within 24 hours. They had no documented procedure — incidents were handled ad hoc by whoever happened to be available.

We built a complete incident handling framework: incident classification, escalation chain, reporting template for the supervisory authority, internal investigation procedure, and a learning mechanism. A post-training test showed that staff could correctly identify and escalate incidents after a 2-hour training session.

An IT solutions provider wanted to participate in a public procurement where E-ITS (Estonian Information Security Standard) baseline compliance was required. They had no overview of whether they met the requirements.

We audited the company's information systems and processes against E-ITS baseline requirements. We identified 11 gaps, of which 4 required immediate technical changes. All gaps were closed within 6 weeks — precisely before the tender submission deadline.

A financial services company was required under ISO 27001 to assess the security posture of its critical suppliers. They had 23 suppliers and did not know where to start or how to evaluate them.

We developed a supply chain risk assessment methodology and questionnaire. We classified all suppliers by criticality, conducted document analysis for high-risk suppliers, and produced a short assessment for each. The outcome was a complete supply chain risk register and a follow-up action plan.

A fast-growing SaaS company had reached the point where enterprise clients were requiring security documentation before signing contracts. The company had no information security policies whatsoever — neither digital nor on paper.

We produced a complete information security policy package: general information security policy, password management policy, remote work security guide, incident handling procedure, data classification scheme, and acceptable use policy. All documents were tailored to the company's actual way of working — not generic templates.