Security consulting and audits

ComCERT has a portfolio of audit services related to applicable standards and regulations. These projects are dedicated both to entities that want to analyse their cybersecurity strategy and perform a gap analysis, and to those that need a specific type of audit due to legal requirements. ComCERT specialists are certified auditors with years of experience. Moreover, ComCERT experts conduct training and advise our customers in this area. ComCERT meets the needs related to ISO standards (including 27001, 22307) or GDPR requirements.

Projects related to the implementation of the requirements of the National Cybersecurity System Act are an important element of ComCERT’s operations. ComCERT actively participated (by providing comments, questions, and change suggestions) in the preparation of the Act and its implementing regulations. Even after the amendments were published and came into force, we have remained in contact with the Ministry of Digitisation, asking a number of questions about the interpretation of individual provisions of the Act and receiving answers to these questions. Thanks to the experience gained through ComCERT’s active involvement in the shaping of the Act, our experts have developed a methodology of audit and implementation work offered to Key Service Operators. Since the National Cybersecurity System Act came into force, ComCERT has implemented numerous projects aimed at supporting entities from various sectors in adjusting to the new requirements.

A separate group of audit services includes maturity analyses offered to SOC and CERT/CSIRT teams. ComCERT bases these services on the SIM3 methodology and our own SUOPT methodology (dedicated to SOC team audits). Over the years, ComCERT has carried out a number of projects whose key services included audits and implementations of an Information Security Management System or a Business Continuity Management System. Since the National Cybersecurity System Act came into force, ComCERT has successfully begun supporting Key Service Providers in bringing their entities into compliance with statutory requirements and in conducting compliance audits according to the statutory schedule. So far, the clients for these services have primarily included critical infrastructure entities as well as Key Service Operators in the healthcare and financial sectors.

SOC and CERT/CSIRT teams also eagerly benefit from ComCERT’s expertise and experience, as evidenced by their interest in the SIM3 methodology that we use. Within the framework of the projects that we conduct, ComCERT offers gap analysis with recommendations for reaching the desired level of team maturity, consulting services, and audits conducted by certified specialists.