Audit and prepare your organization for ISO/IEC 27001 certification
and NIS 2 compliance

Client

A manufacturing company operating in the industrial sector, specializing in the design and production of advanced machinery and equipment for the construction industry.

Challenge

The client aimed to certify its organization under the international ISO/IEC 27001 standard to strengthen information security and enhance its competitiveness in the market.

Additionally, with the introduction of the NIS2 Directive, it became necessary to align ICT processes and systems with the new regulatory requirements — particularly in the areas of risk management and critical infrastructure protection.

What we did

1. Preliminary audit
  • We conducted an analysis of the current state of information security and compliance with ISO/IEC 27001 and NIS 2 Directive requirements.
  • We identified gaps in existing policies, procedures and instructions.
2. Develop an action plan
  • We prepared a detailed action plan that included the implementation of the missing elements of the Information Security Management System (ISMS).
  • We included alignment with NIS 2 requirements, including incident management and risk management procedures.
3. Prepare appropriate policies and procedures
  • We prepared relevant documents in areas including information classification, access management and incident response.
  • We conducted risk estimation workshops that considered key information assets and their potential risks.
4. Verification
  • We verified the compliance of the documentation and implemented solutions with the requirements of the international standard ISO/IEC 27001.
5. Training
  • We conducted dedicated training for key staff members covering risk management, the role of the ISMS, and the requirements under the NIS 2 Directive.
6. Certification support
  • We supported the client during the ISO/IEC 27001 certification audit, ensuring compliance of processes and documentation.
  • We developed a schedule for further monitoring and improvement of the ISO/IEC 27001 and NIS 2 compliant system.

Benefits for the customer

ISO/IEC 27001 Certification

The client has been certified to an international standard, which has increased its competitiveness in the market and credibility in the eyes of its business partners.

NIS2 compliance

The company has ensured that appropriate procedures are in place with regard to risk management and incident response, meeting the requirements of the directive.

Enhanced security

New policies and procedures have helped systematize and standardize security processes.

Better staff awareness

Training has raised the team’s level of knowledge and preparedness for potential threats.

Summary

A comprehensive audit conducted by ComCERT enabled the client to achieve ISO/IEC 27001 certification and align with the requirements of the NIS2 Directive.

As a result of the implemented improvements, the company significantly enhanced its overall information security posture and strengthened its market position by establishing itself as a responsible and trusted partner.
