The upcoming GDPR era caused a lot of discussion and speculation in companies and media, how companies should prepare for the new requirements. For Leinolat Group, an extended elfSURVEY was carried out, including technical cyber security assessment, together with data protection analysis regarding personal data handling.

At the assessment phase, cyber security risks and protection mechanisms were studied, and the company’s IT environment was mapped. Regarding the personal data handling, an understanding was formed about how and where is personal data stored, and personal data streams were mapped within and between different information systems. As a result of elfSURVEY cyber security assessment, a practical and correctly dimensioned development plan is drafted, so that the customer can concretely advance in developing their cyber security.

 Tools and next steps in cyber security implementation

The results of the assessment and the subsequent instructions support Leinolat Group’s IT personnel in developing their cyber security. The deliverables are a great tool for them to advance it internally within the corporation.

”From the assessment we obtained great tools that guide us further,” states Aki Itävaara, Leinolat Group’s CIO.

According to him, when compared to their industry average, Leinolat Group has their cyber security endeavors in good order. Thus, the assessment didn’t bring up any big surprises. Instead, formally implemented assessment with its deliverables is an efficient tool for IT professionals in internal corporate development.

One of the Leinolat Group companies, T-Drill, is a world-class supplier of tube and pipe fabrication solutions. IT Manager Mika Aaltofrom T-Drill took part to the cyber security assessment process in all of its phases.

“We got about the GDPR work in a guided manner. Now we have the next steps planned out for further development. An external third-party taking part to the process carries it forward efficiently, and provides a great outlook on the entity,” tells Mr. Aalto.

At a corporation, maintaining the big picture and advancing cyber security matters can be challenging when each company has their own information systems. At Leinolat Group, the corporation strives to find synergies from shared systems when applicable. The same way, carrying out the cyber security assessment for the whole group at once was effective.

After the cyber security assessment, it’s easy to state that cyber security matters are well in control when a third-party has objectively so evaluated. However, work with cyber security is continuous in this always changing networked world. Leinolat Group had cyber security issues in active deliberations already before the cooperation with elfGROUP, and their expertise that has grown through this cooperation will definitely carry on to future development rounds.