NIS 2 Implementation and Supply Chain Risk Mitigation in an Energy Company

Client

A power company responsible for the transmission and distribution of electricity to several thousand customers in a region of the country.

Challenge

The company needed to bring its organization into compliance with the NIS 2 directive and improve security in the supply chain area. Key elements of the project included:


  • Identifying security gaps in ICT systems and critical infrastructure supporting energy supply.
  • Introducing mechanisms to monitor risks associated with third-party suppliers, including ICT service providers.
  • Increasing awareness among key personnel regarding cyber threats and new regulations.

What we did

ICT security audit

We conducted an analysis of the client’s ICT systems, covering networks and key operational processes. We identified security gaps, including deficiencies in software updates and risks arising from inadequate access and privilege management.

Risk management in the supply chain

We have put in place appropriate policies for working with key suppliers, such as requiring regular audits and security reports.

Implementation of basic monitoring mechanisms

We implemented a simple network traffic monitoring and alerting system to quickly identify potential threats.

Basic incident response plan

We have developed a simplified response plan, including procedures for isolating infected systems and notifying the appropriate people.

Training
  • Technical staff: Workshop on basic incident management, including responding to phishing and ransomware attack attempts.
  • Management staff: Training on NIS 2 directive requirements and cyber security risk management.

Customer benefits

Identification and elimination of key gaps

Thanks to the audit, the company has improved security in key areas.

Raised awareness

Staff training has helped speed up the process of identifying risks.

Security in the supply chain

Establishing rules for working with suppliers has increased operational security.

Basic preparation for NIS 2

The company has begun to comply with regulatory requirements without incurring excessive costs.

Summary

The implementation of limited measures has allowed the power company to significantly improve security and minimize the risk of cyber attacks.

These actions were the first step toward full compliance with the NIS 2 directive, and through simple and effective solutions, the company has optimized its cyber security resources.
