Kopun revizija & Kimel filtri case study

Introduction

This is our first case study featuring two companies at the same time. The reason is simple – both Kopun and Kimel Filtri already had a decent level of cybersecurity in place, but each had specific areas that needed improvement. For one, the focus was on standardising procedures and educating employees; for the other, the priority was modernising IT infrastructure. Together, these projects demonstrate how even existing, relatively secure systems can be taken to a higher level of preparedness and resilience.

The NIS2 Directive introduces stricter cybersecurity and compliance requirements for all organisations that provide essential and important services within the European Union. However, in practice, its impact reaches far wider – an increasing number of businesses, regardless of size or industry, must prove high security standards due to client and partner demands and the growing risk of cyber incidents.


Below, we share two real-world examples – Kopun and Kimel Filtri – which show how a structured approach can significantly enhance security, transparency, and operational efficiency.

Kopun: From frequent security queries to proactive control and clear procedures

About the company

Kopun is a family-owned business with around 30 employees, specialising in business consulting, auditing, and accounting services. Although they are not legally bound by the NIS2 Directive, most of their clients operate in sectors with heightened regulatory requirements.

Challenges
  • An increasing number of client inquiries about how their data is processed and protected.

  • The need to unify internal rules and processes to prevent errors and ensure quick response in case of an incident.

  • Risk of reputational damage and loss of trust without formal evidence of compliance and security.

Our approach

We began the project with a detailed gap analysis of compliance with the NIS2 Directive, providing a clear picture of the current state and concrete recommendations for improvement.

Key steps
  • Penetration testing – simulating attempts to compromise the system, identifying technical vulnerabilities and weaknesses in the security approach.

  • Drafting internal policies and procedures – creating documents for IT administrators and handbooks for all employees, focusing on roles, responsibilities, and behaviour rules (e.g., how to act in case of a suspected incident, how to use company devices, how to manage passwords).

  • Team training – workshops and informational materials providing employees with fundamental knowledge and practical tips.

Results
  • A significant reduction in repetitive client inquiries, thanks to formal policies and procedures that can be easily presented.

  • Elevated internal security standards and clearly defined processes that prevent unplanned risks.

  • Greater trust from both current and prospective business partners.

Kopun on the collaboration

“The collaboration allowed us to take a structured approach to cybersecurity – from technical testing to drafting concrete internal procedures and team training. Even though we are not formally subject to NIS2, we recognised the importance of proactive data protection for our clients and our reputation. Now we have clear security standards, can communicate transparently with partners, and know how to respond to incidents. It’s an investment that has paid off many times over.”

Kimel Filtri: Comprehensive IT system modernisation and compliance with the Cybersecurity Act

About the company

Kimel Filtri is a family-owned company with over 30 years of tradition, and one of the leading manufacturers of air dust extraction and filtration systems.

Challenges
  • An ageing IT infrastructure unable to keep up with modern security challenges.

  • Inadequate access control and lack of centralised user management.

  • The need to comply with the Cybersecurity Act and prepare for NIS2 Directive requirements.

Our approach

The project began with a comprehensive review of the existing IT infrastructure, mapping systems and processes, and identifying critical risk points.

Key activities
  • Creating an IT improvement plan – prioritising investments and setting an implementation timeline.

  • Procuring and configuring new network and server equipment – replacing outdated core infrastructure.

  • Implementing Active Directory – centralised management of user rights and improved access control to data.

  • Deploying a secure backup solution – ensuring resilience and the ability to recover quickly.

  • Internal penetration testing – verifying security after modernisation.

  • Producing complete documentation and security procedures – ensuring compliance with applicable laws and regulations.

  • Employee training – familiarising the team with new procedures and tools.

Results
  • A more stable, faster, and more secure IT system that supports business growth.

  • Implemented measures that provide reliable proof of compliance and increase competitiveness.

  • Employees trained to recognise and report threats.

  • Established processes that significantly reduce operational risks and boost resilience against attacks.

Kimel Filtri on the collaboration

“Modernising our IT systems and aligning with regulatory requirements was a necessary step towards safer and more efficient operations. Through this collaboration, we gained a clear plan, hands-on support for technical implementation, and all the procedures that now form the backbone of our digital security. Today we have systems that match our business needs, trained employees, and compliance evidence we can confidently present to clients and partners.”

Conclusion: Timely action and a structured approach are key to security and trust

These examples show that even if you are not directly bound by the NIS2 Directive, standardising security procedures and modernising infrastructure is not a luxury, but a necessity.

Whether you are a family business with a dozen employees or a manufacturing company with hundreds of partners, the common factors are the same:

  • timely risk assessment

  • clear internal documents and procedures

  • training for all employees

  • technical and organisational measures that bring long-term benefits

If you are considering assessing your current state or planning improvements, or simply want to talk about the NIS2 Directive and the Cybersecurity Act, feel free to contact us.


Together, we can raise your organisation’s security and resilience – step by step.
