Pirkanmaan Jätehuolto is a municipal waste management company operating in the Pirkanmaa region of Finland. As part of the critical infrastructure sector, the company faced increasing regulatory pressure with the introduction of the EU's NIS2 Directive. Antti Pessinen, Head of IT, led the effort to ensure compliance.
They needed a tool that would help them structure their response, build internal know-how, and avoid outsourcing critical understanding. That led them to Cyberday.
The goal wasn’t just compliance
When news broke that the NIS2 Directive would apply to their industry, Pirkanmaan Jätehuolto realized they needed a better way to manage cybersecurity requirements. They were used to working with frameworks like ISO 14001, but cyber regulation presented new demands.
Antti recalls that the team initially considered multiple tools and even the possibility of bringing in a consultant:
“We looked at four or five solutions. Some offered just a blank canvas and a list of requirements. That wasn’t good enough.”
The key issue was not just documenting compliance but understanding it and maintaining that knowledge over time.
Instead, the team sought a solution that would guide their work, build internal expertise, and help integrate cybersecurity into everyday processes.
Turning requirements into real responsibility
After evaluating their options, the team chose Cyberday primarily for its structure and clarity.
“What we liked was how Cyberday guided the process. It doesn’t assume you already know what to do, but it helps you learn by doing.”
Rather than outsourcing the work, Pirkanmaan Jätehuolto decided to lead the project internally. They structured the implementation as a formal project, complete with an internal steering group that included executive leadership. This helped ensure company-wide buy-in and gave the effort visibility across departments.
Each section of the framework was assigned an owner. The team made a conscious effort to avoid putting everything on a single person’s shoulders:
“This isn’t one person’s job. Everyone needs to know their responsibility. That way, cybersecurity becomes a normal part of our operations.”
Cyberday’s built-in guidance and clear hierarchy helped the team roll things out in phases. It also made it easier to bring other staff on board, with instructions that were understandable and accessible.
“We’ve had very little negative feedback. People find the instructions easy to follow and the content is in plain language.”
From planning to practice
Pirkanmaan Jätehuolto began the Cyberday implementation in spring 2024, aiming to meet the NIS2 compliance deadline of October 18, 2024 — the date by which EU member states were required to implement the directive into national law.
“By the October deadline, we were basically done, just finishing up the last few items.”
Pirkanmaan Jätehuolto decided not to wait. They proactively adopted Cyberday’s NIS2 framework and prepared for the upcoming requirements early. This positioned them ahead of others.
When the national cybersecurity act framework became available in Cyberday, the team incorporated it right away. The remaining updates, mainly related to physical security, were finalized in early 2025. According to Antti:
“We’re in a place now where we can say the work is done. By midsummer, we’ll be fully aligned and not worried about what’s coming.”
Cyberday has since become their central tool not only for NIS2 but also for GDPR and broader information security documentation. They're now planning to migrate privacy documentation into Cyberday as well, replacing older systems.
They’ve also started using Cyberday’s content as a foundation for staff training, linking policies and responsibilities to a learning platform.
“Our updated security and privacy policies are based on the work we did in Cyberday. It’s helped us bring clarity across the organization.”