How Pirkanmaan Jätehuolto made cybersecurity part of the daily routine

Pirkanmaan Jätehuolto reached NIS2 compliance ahead of schedule while building lasting in-house cybersecurity expertise.

Industry
Waste Management
Company
Pirkanmaan Jätehuolto
Visit website ->

Used Frameworks

Pirkanmaan Jätehuolto is a municipal waste management company operating in the Pirkanmaa region of Finland. As part of the critical infrastructure sector, the company faced increasing regulatory pressure with the introduction of the EU's NIS2 Directive. Antti Pessinen, Head of IT, led the effort to ensure compliance.

They needed a tool that would help them structure their response, build internal know-how, and avoid outsourcing critical understanding. That led them to Cyberday.

The goal wasn’t just compliance

When news broke that the NIS2 Directive would apply to their industry, Pirkanmaan Jätehuolto realized they needed a better way to manage cybersecurity requirements. They were used to working with frameworks like ISO 14001, but cyber regulation presented new demands.

Antti recalls that the team initially considered multiple tools and even the possibility of bringing in a consultant:

“We looked at four or five solutions. Some offered just a blank canvas and a list of requirements. That wasn’t good enough.”

The key issue was not just documenting compliance but understanding it and maintaining that knowledge over time.

Instead, the team sought a solution that would guide their work, build internal expertise, and help integrate cybersecurity into everyday processes.

Turning requirements into real responsibility

After evaluating their options, the team chose Cyberday primarily for its structure and clarity.

“What we liked was how Cyberday guided the process. It doesn’t assume you already know what to do, but it helps you learn by doing.”

Rather than outsourcing the work, Pirkanmaan Jätehuolto decided to lead the project internally. They structured the implementation as a formal project, complete with an internal steering group that included executive leadership. This helped ensure company-wide buy-in and gave the effort visibility across departments.

Each section of the framework was assigned an owner. The team made a conscious effort to avoid putting everything on a single person’s shoulders:

“This isn’t one person’s job. Everyone needs to know their responsibility. That way, cybersecurity becomes a normal part of our operations.”

Cyberday’s built-in guidance and clear hierarchy helped the team roll things out in phases. It also made it easier to bring other staff on board, with instructions that were understandable and accessible.

“We’ve had very little negative feedback. People find the instructions easy to follow and the content is in plain language.”

From planning to practice

Pirkanmaan Jätehuolto began the Cyberday implementation in spring 2024, aiming to meet the NIS2 compliance deadline of October 18, 2024 — the date by which EU member states were required to implement the directive into national law.

“By the October deadline, we were basically done, just finishing up the last few items.”

Pirkanmaan Jätehuolto decided not to wait. They proactively adopted Cyberday’s NIS2 framework and prepared for the upcoming requirements early. This positioned them ahead of others.

When the national cybersecurity act framework became available in Cyberday, the team incorporated it right away. The remaining updates, mainly related to physical security, were finalized in early 2025. According to Antti:

“We’re in a place now where we can say the work is done. By midsummer, we’ll be fully aligned and not worried about what’s coming.”

Cyberday has since become their central tool not only for NIS2 but also for GDPR and broader information security documentation. They're now planning to migrate privacy documentation into Cyberday as well, replacing older systems.

They’ve also started using Cyberday’s content as a foundation for staff training, linking policies and responsibilities to a learning platform.

“Our updated security and privacy policies are based on the work we did in Cyberday. It’s helped us bring clarity across the organization.”

How to utilize Cyberday

Risk-based compliance management

Your security team can automate risk assessments, linking mitigation actions directly to compliance requirements.

Seamless policy & documentation handling

Instead of juggling multiple spreadsheets and documents, our platform allows you to manage all policies, controls, and audit evidence in one place.

Automated reporting

Generating reports for audits and regulatory bodies is now quick and automated, reducing administrative overhead.

Lessons learned

Looking back, Antti says their approach of doing the work internally with structured support, was the right one.

“Don’t take shortcuts. You’ll learn more and understand the ‘why’ behind every requirement if you do it yourself with the right guidance.”

His advice to others starting from scratch?

The biggest surprise? Even though they knew it would be a major effort, the reality of getting new practices implemented into day-to-day operations still caught them off guard:

“We knew it would be a lot of work, and it still surprised us. Writing things down is one thing. The hard part is turning it into real action. But once you do, it sticks.”

Bringing it all together

With Cyberday, Pirkanmaan Jätehuolto turned compliance into a shared responsibility. They didn’t just check a box. They built a proactive system that’s understood, maintained, and owned by the whole team.

Want to make cybersecurity part of your everyday operations?

Start your free trial of Cyberday today.