       
      We will assess your current state and recommend specific steps to make IT governance work. That includes defining decision-making structures, clear accountabilities, policies and processes that help you use technology effectively, reduce risk, increase the value of IT for the business, and significantly strengthen audit readiness.
       

      Common Challenges Our Clients Have Faced – And We’ve Helped Solve

      Setting up an IT Governance Office to oversee IT processes

      Getting audit-ready for ISO 27001 or implementing ITIL processes

      Identifying critical systems and creating BIA and BCM plans


      Review of existing policy sets and access-management rules for hybrid environments


      Preparing for regulation (NIS2, DORA, GDPR, AI Act), implementing Data Governance according to current requirements


      Audit and analysis of IT-environment risks: identifying weaknesses, assessing impacts, and proposing corrective measures


      We audit, revise and update directives and planning documents, supplying anything that is missing. We introduce version control, approval workflows and control mechanisms to ensure compliance with legislation, internal policies and international standards (e.g., ISO 27001, ITIL, COBIT, CIS, NIST).

      Our work doesn’t stop at drafting: we also help implement risk-management plans, crisis-response procedures and operations-recovery procedures for use during an outage.

      Policies and planning documents are the foundation of functioning IT governance: they set the rules, responsibilities and processes that steer the IT environment. Every solution we create is tailored to the organisation’s needs – and we verify that it works in practice.


      How we help

      Review and development of IT and data policies, directives and strategies

      • Policy reviews and updates to reflect applicable regulations (e.g., NIS2, DORA, GDPR, AI Act)
      • Security and access management
      • Change management – development, testing, deployment, etc.
      • Incident management
      • Backup and data recovery

      Development and testing of BIA, BCP and DRP plans for business continuity management (BCM)

      • Business Impact Analysis (BIA) – analysis of the impact of service and process outages
      • Business Continuity Plan (BCP) – a plan to ensure continuity of operations
      • Disaster Recovery Plan (DRP) – a plan for restoring IT systems after an outage
      • Incident Response Plan – a response plan in case of security incidents


      Data Governance Implementation

      • Including master data management (MDM), metadata management and compliance

      Set up and review of organisational structures and roles, assessing the suitability of outsourcing

      Review of governance framework implementation

      • COBIT, ITIL, ISO/IEC 38500, DAMA-DMBOK


      References

      Review of the existing security-management policy framework

      We reviewed the existing policy framework of a medium-large, non-bank financial company. The project included a comprehensive audit of current directives to identify areas needing updates. Based on the identified needs, we proposed new directives and processes to ensure compliance with applicable legislative requirements and internal policies.

      Missing recovery plans and impact analysis of service and process outages

      We helped a mid-sized regulated financial company that had no recovery plans develop a full Business Impact Analysis (BIA), identifying critical systems and setting recovery parameters (RTO, RPO). We also helped with Disaster Recovery Plan (DRP) documentation as part of Business Continuity Management (BCM). The project included practical implementation of the plans, designed to support crisis response and the restoration of operations.

      IT environment audit and risk analysis

      We carried out an audit, risk analysis and review of the IT environment of a power-sector business. We identified weak points, assessed potential business impacts and proposed measures to minimise risks, delivering a strategic risk-mitigation plan tailored to both the company’s specific needs and the applicable regulations.

      NIS2 readiness analysis

      We carried out a gap analysis to achieve compliance with NIS2, focusing on differences between the client’s current IT-security set-up and the regulation’s requirements. Based on the gaps, we produced an action plan to meet legal obligations, including recommendations for required security measures and process changes, helping the client achieve audit readiness and strengthen protection against cyber threats.


      Ondřej Krejčí

      Senior Manager, Advisory – Risk & Finance

      KPMG in the Czech Republic