Skip to content
Security incident? Call: +48 732 059 711
Cydefen
pl en
Regulated and responsible

Compliance that stops being a costume

NIS2, DORA and ISO 27001 done the way regulators actually want them — real controls, real evidence, real risk reduction.

🇪🇺

NIS2 compliance

Gap analysis, remediation roadmap and evidence pack for essential and important entities.

NIS2 service
🏦

DORA compliance

Digital Operational Resilience Act — ICT risk, third-party oversight, incident reporting, resilience testing.

DORA service
📜

ISO 27001 implementation

From gap analysis to certification — ISMS design, policies, risk register and audit prep.

ISO 27001 service

ISO 9001 implementation

Quality management system — from process analysis to certification. We are ISO 9001 certified ourselves.

ISO 9001 service
🖥️

IT system audit

Comprehensive IT infrastructure audit — configuration, security, business continuity.

IT audit
🏛️

KRI audit

National Interoperability Framework compliance — mandatory for Polish public entities.

KRI audit
🛡️

UKSC audit

Polish Cybersecurity Act audit — essential service operators and digital service providers.

UKSC audit

Accessibility audit

WCAG 2.1 AA / Digital Accessibility Act — audit, report and remediation plan.

WCAG audit
🔒

GDPR audit

GDPR compliance assessment — processing registers, DPIA, policies, incidents, data subject rights.

GDPR audit
What you gain

Outcomes you can defend in front of the regulator

Honest gap analysis

We don't sell fear. You get a clear picture of where you are, where you need to be and what it will actually cost.

Remediation roadmap

30/60/90-day plan with priorities, owners and acceptance criteria. Not a PDF that gathers dust.

Evidence pack

Policies, procedures, risk register, training logs — structured the way auditors and regulators expect to see them.

Board-ready reporting

Monthly compliance dashboard your CFO and CEO can actually read — no ISO jargon, just status and risk.

Auditor coordination

We talk to your auditor directly — save your team from the Q&A back-and-forth.

Ongoing maintenance

Compliance is not a one-off. We keep the ISMS alive — annual risk reviews, new controls, regulator updates.

How we work

From gap analysis to clean audit

  1. 01

    Assessment

    Interviews, document review, technical sampling — we learn what exists and what is missing.

  2. 02

    Gap report

    Written gap analysis mapped to the framework, with priority, effort and business impact for each gap.

  3. 03

    Remediation

    We help you close the gaps — policies, controls, training, technical hardening, evidence collection.

  4. 04

    Audit support

    We attend the audit with you, answer the auditor directly, and help you land a clean report.

FAQ

Frequently asked questions

Do you certify or just consult?
We consult and implement. Certification is always performed by an independent accredited body — we prepare you for it.
How long does NIS2 alignment take?
Depending on maturity: 3–9 months. Gap analysis alone takes 3–4 weeks.
Can you help us choose between NIS2, DORA and ISO 27001?
Yes — they overlap heavily. We start with a 1-hour call to understand your obligations and recommend a sensible path.
Do you help with the technical controls too?
Yes. Our pentest, training and implementation teams deliver the technical side so you get a turnkey program.
What does it cost?
Gap analysis is fixed-price. Remediation is scoped to your environment. Book a consultation to get a concrete proposal.
How is ongoing compliance billed?
Annual retainer with a fixed scope of hours and clear SLAs — no surprise invoices.

Start with a free compliance scoping call

30 minutes, we identify your obligations and propose a sensible path forward.

Book a consultation See other services