Information security. Personal data protection

Information security is one of the most important factors that affect the proper functioning of entities in the broadly understood public and economic sphere. We have many years of experience in comprehensive support for public sector entities and business entities in the field of information security, including personal data protection, protection of classified information, protection of trade secrets, other legally protected secrets, cybersecurity, as well as in the field of broadly understood internal security issues. Additionally, we offer support in the implementation of obligations arising from the regulations on combating money laundering and financing of terrorism, as well as regulations on the protection of persons reporting breaches of law (whistleblower protection).

We focus on providing support in the following areas:

Personal data protection, particularly in the following areas:

  • conducting audits of the information security management system with a focus on personal data protection, based on the PN-ISO/IEC 27001 standard,
  • creating personal data security documentation,
  • supporting the Data Protection Officer in fulfilling the obligations imposed by personal data protection regulations – in the case of entities that do not have a Data Protection Officer,
  • supporting the Data Protection Officer in performing tasks and fulfilling obligations arising from personal data protection regulations,
  • conducting periodic training on personal data protection regulations.

Protection of trade secrets and other legally protected secrets, particularly in the following areas:

  • consulting in the application of legal, organizational, and technical solutions in the protection of trade secrets and other legally protected secrets,
  • creating information security documentation, including legally protected secrets, based on the PN-ISO/IEC 27001 standard,
  • conducting training covering legal and practical issues related to the protection of trade secrets and other legally protected secrets.

Cybersecurity, particularly in the following areas:

  • support in maintaining contacts with entities of the national cybersecurity system,
  • support in supervision (management and updating) of the documentation required by the Act on the National Cyber Security System (NCS) used to provide the key service,
  • assistance in the performance by the entity operating the key service of tasks and obligations imposed by the regulations on the national cybersecurity system,
  • creating information security documentation in accordance with the requirements of PN-ISO/IEC 27001 and PN-ISO/IEC 27005,
  • conducting audits of the Information Security Management System’s compliance with the provisions of PN-ISO/IEC 27001 and PN-ISO/IEC 27005 standards in accordance with the requirements specified in Article 15 of the Act on NCS,
  • conducting training covering legal and practical issues related to cybersecurity.

Prevention of money laundering and terrorist financing, particularly in the following areas:

  • advising on the proper application of the Act on the Prevention of Money Laundering and Terrorism Financing,
  • creating documentation (internal procedures) required by the regulations of Articles 50 and 53 of the Act on Public-Private Partnership in the Field of Infrastructure and Technology,
  • conducting training covering legal and practical issues related to combating money laundering and terrorist financing.

Protection of persons reporting breaches of law (whistleblower protection), particularly in the following areas:

  • proper identification of threats that may result in a breach of the law,
  • support in monitoring the ban on retaliatory actions against individuals reporting legal violations (whistleblowers),
  • assistance in developing and implementing an internal procedure for reporting violations of the law and establishing secure channels for such reports,
  • assistance in organizing the acceptance and verification of reports of infringements of the law,
  • support in conducting follow-up actions, taking into account the protection of personal data processed in connection with the accepted notification of a legal infringement,
  • support in maintaining the internal complaints register,
  • conducting periodic training on compliance with the regulations on the protection of persons reporting violations of the law (whistleblowers).
