Web site refresh and migration

Tuomas Tonteri

Tuomas Tonteri

Senior Security Architect, CEO @ elfGROUP

Welcome to the refreshed elfGROUP web site.

We have been using HubSpot for the past few years as a CRM platform, marketing automation tool and a website hosting platform. Few months back we made the decision to transition to a more lightweight, customizable, performant and secure approach, which we are also hosting on our own elfCLOUD servers. The site is built with Docusaurus and allows us to do flexible and straightforward updates, focusing on the content quality.

As we go live today, not all of the content is yet migrated. We are not just copying the old content, but updating and improving it in many ways. Most essentially selected blogs, customer cases and references are yet to be migrated, which we hope to complete still in September.

One noticeable change is that we've dropped the Finnish version and a lot of the cyber security articles and pages that were more targeted to "B2B general public" audience, with perhaps less cyber security domain knowledge. We have come to realize, that our customer segment is very well informed on the subject matter and we want to direct all of our energy to providing accurate and to-the-point information that all of you deserve and expect from us.

Welcome to the new site and let us know if you have any thoughts or comments on the changes made and how can we further improve.

Circumstances considered, have a great remaining 2020 and stay safe.

Best regards, Tuomas.

Web site refresh and migration

Tuomas Tonteri

Tuomas Tonteri

Senior Security Architect, CEO @ elfGROUP

Welcome to the refreshed elfGROUP web site.

We have been using HubSpot for the past few years as a CRM platform, marketing automation tool and a website hosting platform. Few months back we made the decision to transition to a more lightweight, customizable, performant and secure approach, which we are also hosting on our own elfCLOUD servers. The site is built with Docusaurus and allows us to do flexible and straightforward updates, focusing on the content quality.

As we go live today, not all of the content is yet migrated. We are not just copying the old content, but updating and improving it in many ways. Most essentially selected blogs, customer cases and references are yet to be migrated, which we hope to complete still in September.

One noticeable change is that we've dropped the Finnish version and a lot of the cyber security articles and pages that were more targeted to "B2B general public" audience, with perhaps less cyber security domain knowledge. We have come to realize, that our customer segment is very well informed on the subject matter and we want to direct all of our energy to providing accurate and to-the-point information that all of you deserve and expect from us.

Welcome to the new site and let us know if you have any thoughts or comments on the changes made and how can we further improve.

Circumstances considered, have a great remaining 2020 and stay safe.

Best regards, Tuomas.

Case FCG Talent

Tuomas Tonteri

Tuomas Tonteri

Senior Security Architect, CEO @ elfGROUP
Case FCG Talent

Case FCG Talent: Reassurance to Cyber Security in Cooperation with Cyber Security Specialists

FCG Talent is a Finnish company that develops modern, innovative and user-friendly software solutions for recruitment, HR data management and personnel introduction and development. Their best-known product is the Kuntarekry.fi service, a recruitment portal used by nearly every municipality in Finland, with almost 2 million users. Technology Manager Petri Tuomaala from FCG Talent describes information security as one of the pivotal factors in their products and processes.

FCG Talent looked for an external actor to examine their R&D operations and the level of their information security. According to Mr. Tuomaala, internal processes can be developed to a certain point in-house, but to get to the next level, external opinion and specialists are needed for an out-of-the-box view.

“Paying attention to information security is important in software development and demands continuous attentiveness. This cooperation with elfGROUP gives us reassurance and cyber security specialist view – that’s what we are willing to pay for,” Mr. Tuomaala states.

The cooperation has had flexible ways of working from the beginning. Service and help have been available in agile manner, responding quickly to service requests. Real-time communication and reporting without delay enable reacting to all possible findings immediately.

Comprehensive cyber security work ahead

FCG Talent has been in cooperation with elfGROUP since spring 2018. They have a continuous, monthly-based contract on cyber security work that concentrates on improving cyber security in a topical matter each month. Within the monthly work, elfATTACK cyber security testing has been carried out to FCG Talent’s all products, including their different user interfaces and user roles. Continuously developing software demands continuous cyber security work, where this monthly cooperation fits in perfectly.

The cooperation that has lasted already for 1.5 years, has advanced from cyber security testing to more comprehensive cyber security awareness. Lately, the work has concentrated on developing FCG Talent’s R&D processes and ways of working. The OWASP ASVS analysis has been carried out to support this work, to find the next steps that lead the information security work forward. Tuomaala envisions that in the future the cooperation concentrates more on functional specifications.

“Cyber security assurance taking place afterwards isn’t the most efficient way of operating. In the future, our objective is to develop this cooperation to affect our processes on a deeper level and thereby improve paying attention to cyber security aspects in as early stage as possible,” Tuomaala explains.

R&D that considers cyber security aspects from the beginning is both cost-effective and time-saving, when corrective rounds are not needed for software that is ready for launch, but instead the information security has been part of every stage of the development work and in all layers of the software architecture. Cyber secure software products are ready for market quickly, and the time-consuming corrective rounds won’t delay the profitability of the software.

elfGROUP ISO 27001 Certified

Tuomas Tonteri

Tuomas Tonteri

Senior Security Architect, CEO @ elfGROUP
elfGROUP accomplished ISO 27001 Information Security Management System (ISMS) certification

elfGROUP accomplished ISO 27001 Information Security Management System (ISMS) certification

elfGROUP’s all operations have been certified according to the internationally recognised information security management system standard ISO 27001. Bureau Veritas has audited our operations and granted us the certification on July 3rd, 2019. We announced our ISO 9001 news this April, and now our certification portfolio includes also the information security management certification. The certification audit was a thorough process for the whole company. The audit was carried out for both the ISO 9001 quality management system and the ISO 27001 information security management system at the same time.

Persistent work to achieve the certifications

For several years now, we’ve carried out internal development activities with process and quality control improvements, as well as creating an operational handbook that documents and aligns all elfGROUP’s practices. Developing and implementing work instructions, policies and guidelines to standardize our internal procedures and our way of fulfilling different assignments has formed a big part of the development work that our COO Katja Tonteri has lead. Throughout the years it has been important and rewarding to see these policies come alive and become an integral part of our daily work.

The ISO standard conformity has required a lot of documenting of our procedures and events. Also many of the already existing administrative and technical information security practices we had to put in writing and ensure that the defined way is consistently practised. We have experienced this development as a positive improvement – although documentation and all this formality brings along some extra work, it’s definitely worth the effort. For example, defining and actually following your risk management process, or specifying organizational roles, are often easily left undone in a small company. However, according to my experience with elfGROUP’s small organization of 15 people, such standards driven management system is a solid foundation for developing the company and the business. The standardized framework is very comprehensive and is well suited to many different industries.

For sure, the audit wasn’t just a documentation exercise. elfGROUP’s chief information security officer and senior cyber security specialist Markus Hamara and IT manager Edward Shornock got to, amongst other things, showcase our readiness for a disaster recovery of critical IT systems in a simulated situationwhere the primary data center would not be available at all.

Fluent cooperation

This development work hasn’t been done in isolation, although information security work is often surrounded by a veil of secrecy. Already for a long time we have worked in cooperation with Oulu Business Networks’ (OBN) quality, process and business development specialists. Also, the cooperation with Bureau Veritas during the audit process was very fluent. I’d like to take this opportunity to thank all our cooperation partners who have supported us and especially elfGROUP’s personnel for their continued commitment in the quality and information security focused operations in our everyday work.

We have already received positive feedback from few of our customers concerning the certification news. The certifications build up credibility in our operations and in the confidentiality statements we provide our customers with. I believe that all the experience and know-how accumulated from this development work will contribute to our cyber security excellence and will directly benefit also our customers.

See our ISO 27001 certificate here.

elfGROUP ISO 9001 Certified

Tuomas Tonteri

Tuomas Tonteri

Senior Security Architect, CEO @ elfGROUP
elfGROUP is certified with the ISO 9001

elfGROUP is certified with ISO 9001

elfGROUP’s operations have been certified according to the internationally recognised quality management system ISO 9001:2015. Bureau Veritas has audited our operations and granted us the ISO 9001 certification on April 12th, 2019.

The ISO 9001 standards provide guidance and tools for companies and organizations who want to ensure that their products and services consistently meet customer’s requirements, and that quality is consistently improved. It is based on quality management principles, such as customer focus, process approach and fact-based decision making, to name a few.

See our ISO 9001 certificate here.