Our services

GRC (Governance, Risk, and Compliance) in cybersecurity covers the strategic governance of security, the identification and reduction of risk, and compliance with legal and internal requirements in the digital environment.

It is a framework that connects technology, processes, and regulations into a single security management system.

It is an integrated approach that helps organizations:

  • Manage security processes effectively and transparently
  • Identify and mitigate risks that threaten their digital assets
  • Comply with laws, standards, and internal policies such as GDPR, ISO 27001, and NIS2
GRC - governance, risk management, and compliance

Services for ensuring compliance with legislative requirements and cybersecurity standards (GRC).

Initial analyses of the state of cybersecurity (CS) management

  • Gap analysis against selected key regulations and standards: NIS2/ZoKB, ISO 27001, TISAX
  • Business Impact Analysis (BIA)
  • Risk analysis according to ISO 27005
  • Setting security objectives, classification of information assets, categorization of systems and networks

Preparation for compliance with the requirements of NIS2 and Act 69/2018 Coll. on cybersecurity (ZoKB)

  • Comprehensive management of the information security management system (ISMS): internal reporting, internal audit, process control
  • Assistance with the implementation of a cybersecurity management system in accordance with ZoKB requirements
  • Assistance with the preparation of documentation and supporting materials for the ZoKB audit and NBÚ inspections

Related legal and auditing services

  • Legal support in interpreting and applying legislative and normative requirements (e.g., NIS2, ZoKB, ISO standards)
  • Assistance in preparing the legal parts of internal guidelines, policies, and ISMS documentation
  • Advice on fulfilling notification and reporting obligations to supervisory authorities
  • Arranging cybersecurity audits within the meaning of Act No. 69/2018 Coll., which verify compliance with statutory obligations and assess the conformity of security measures with the requirements of the Act and related regulations
  • Legal opinions on audits, inspections, and certification processes
ISMS and preparation for certification

Implementation of the ISMS and preparation for certification.

Development of the ISMS

  • Complete ISMS documentation according to ISO 27001:2022
  • Policies, guidelines, internal standards
  • Incident management processes (procedures, reporting, escalations)
  • Change management, business continuity (BCP/DRP)
  • Subcontracting and contractual requirements (contract security clauses)

Preparation for certification

  • Preparation for the ISO 27001 certification audit
  • Preparation for the TISAX assessment (VDA ISA self-assessment and reporting)
  • Preparation for the CS audit (cybersecurity audit under ZoKB)

CISO-GRC: support for performing governance, risk, and compliance activities

  • Platform for managing the entire ISMS, including documentation, templates, audit trails, and cross-mappings between NIS2, ISO 27001, TISAX, and DORA
  • Pre-prepared frameworks: ISO 27001:2022, TISAX 6.0, NIS2, DORA
  • Integrated risk management and reporting functions

Related legal services

  • Legal support in preparing documentation for certification audits
  • Legal assessment of contractual obligations in relation to suppliers and partners
  • Assistance in preparing the legal parts of ISMS documentation
  • Legal advice in the area of compliance and governance
Cybersecurity (CS) manager services

Cybersecurity manager (CSM) services

  • Provision of cybersecurity manager services in accordance with legislative requirements
  • Supervision of the state of cybersecurity management
  • Review and updating of documentation

Consultations in the field of cybersecurity

  • Expert consultations under the new NIS2 legislation, tailored to the environment of operators of essential services and operators of critical essential services

Review and reassessment of security policy, methodology, and strategy

  • Drafting, amendment, and revision of the security policies of an operator of an essential service, with a proposal for putting them into practice
  • Revision of the duties of the Security Committee to ensure effective cybersecurity management

Security measures

  • Design, management, and implementation of security measures in the cybersecurity management system, based on the classification of information and the categorization of networks and information systems

Classification of information and categorization of networks and information systems

  • Preparation and maintenance of the supporting documents and records for the classification and categorization process itself
  • Inventory of information assets
  • Risk and impact analysis

Amendment and drafting of guidelines

  • Preparation of practical operating manuals
  • Control and monitoring of architecture changes (release management)
  • Updating of management documentation in line with amendments to Act No. 69/2018 Coll. and Act No. 95/2019 Coll.

Training

  • Mandatory employee training (ZoKB training)
  • Training for management and key employees on ISMS processes
  • Cybersecurity awareness training

Related legal services

  • Legal review and revision of security policies and internal regulations
  • Legal support in preparing documentation for the security committee and internal processes
  • Drafting contractual clauses and conditions relating to security
  • Assistance with training on legal content (e.g., GDPR, ZoKB legal aspects)
Technical solutions for security

On-demand activities and services, delivered by third-party partners.

SOC services

  • Provision of Security Operations Center (SOC) services
  • 24/7 security event monitoring
  • Incident response and escalation
  • Operational reporting and compliance reporting

Testing activities

  • Internal and external penetration testing
  • Simulated phishing campaigns (at least twice a year)
  • Incident response simulations (at least once a year)

Technological security check (optional scope and pricing)

  • Security sensor for passive threat detection (network monitoring)
  • Log management and SIEM design to support audit trails and evidence for audits

Related legal services

  • Legal assistance in resolving incidents and security events
  • Legal advice on the results of penetration tests and other security checks
  • Drafting or revision of contracts and agreements with SOC, pentest, SIEM, and other service providers
Related legal services

Services provided on request by a partner law firm with many years of experience in information and cyber security.

  • Legal advice on legislative requirements in the field of cybersecurity (NIS2, ZoKB, GDPR, and other relevant regulations)
  • Legal support in the implementation of security measures and the preparation of internal guidelines and policies
  • Assistance in the preparation and review of contractual documentation from a cybersecurity perspective (e.g., subcontractor agreements, SLAs, security clauses)
  • Legal support in communication with state authorities (e.g., NBÚ, ÚOOÚ), including the preparation of notifications and responses
  • Preparation of legal opinions, internal analyses, and supporting documents for audits and certifications