At a glance
- Sector: Healthcare — Estonia's largest hospital
- Product: Cybsis, our information-security management platform
- Scale: ~200 users, 25+ measure owners, one shared ISMS
Challenge
For a hospital this size, information security is not a box to tick. The hospital runs E-ITS — Estonia's national information-security standard — not to earn a line in an audit report, but to genuinely raise its security maturity. In the words of its security lead: "we don't treat E-ITS as a tick in a report; the goal is to actually implement the measures and lift our security to a mature level."
That means hundreds of controls, dozens of people accountable for them, and a standard revised every year. Run on spreadsheets, it buckles: ownership blurs, the implementation plan drifts out of date, and every annual revision means redoing the register by hand. What the hospital needed was not another report but a living system — one place where every measure, owner and deadline stays visible and under control between audits, not just at sign-off.
Approach
The hospital runs its information-security management on Cybsis, RaulWalter's ISMS platform. Instead of a static spreadsheet, Cybsis holds the whole standard as a living system: every measure mapped, every owner assigned, every deadline tracked, with the implementation plan continuously and actively maintained. Assets, processes, risks and controls are linked, so when something moves, the work it creates surfaces instead of drifting silently. When an auditor asks what has been done this year, the evidence is a click away — and because the standard's yearly revisions flow through the platform, the hospital absorbs them without rebuilding the register by hand.
The hospital came on as an early adopter and grew with the product, shaping it through direct feedback as it matured — and, by its security lead's own account, the recent releases have made that bet pay off.
Outcome
The hospital's information-security management moved from spreadsheets nobody could keep current to a system it runs, and trusts, every day.
- E-ITS as a living implementation plan — every measure, owner and deadline in one place, continuously tracked, not a static table
- ~200 people work in one shared ISMS, with 25+ measure owners accountable in-system
- Audit-ready by default — what's been done is linked to each measure, evidence a click away
- Manual, repeated work cut — especially across the standard's yearly revisions, where a spreadsheet would have meant rebuilding the register
- A reference customer — the hospital now points peer hospitals to Cybsis on its own initiative
