CRYPTOITDATA

Cybersecurity services

Cybersecurity

Audit, risk register and protection plan, aligned with ISO 27001 and the requirements of DNSC (Romania's National Cyber Security Directorate).

If your business is under Law 58/2024 (Romanian NIS2 transposition) or wins tenders with security requirements, "I hope nothing happens" is no longer an option. You need a formal framework — and an audit that doesn't pass responsibility back to you.

What's holding you back

If at least three of these sound familiar, it's time to talk.

  • DNSC or NIS2 obligations with no clarity on what to actually implement

  • Losing tenders because you don't have ISO 27001 certification

  • Security policies copy-pasted from the internet, with no real applicability

  • No risk register and no risk treatment plan

  • Staff with no awareness training, even though phishing remains one of the most common initial-access vectors in real breaches

How we work

We start with the legal framework applicable to you: NIS2 (Law 58/2024), GDPR and sectoral requirements (BNR, the National Bank of Romania, for fintech; ANSPDCP, the data protection authority; ANCOM, the communications regulator). We clearly identify what you must comply with and by when.

We perform a gap audit against the ISO 27001:2022 Annex A controls (93 controls grouped into the organisational, people, physical and technological themes), adapted to SMB realities: we don't turn a 30-person company into a bank. We deliver a prioritised risk register (each risk scored as impact × likelihood and weighed against its mitigation cost) and a treatment plan with realistic deadlines.

We implement technical controls (MFA, network segmentation, off-site backup, EDR), organisational procedures (policies, training, incident response) and prepare documentation for DNSC audit or ISO 27001 certification.

What we deliver

DNSC audit (NIS2)

Official audit per DNSC methodology for essential and important entities.

ISO 27001:2022 implementation

From zero to certification: gap analysis, SoA, risk register, policies, training, internal audit, certification audit support.

Penetration testing

External and internal pentest, with a report of findings prioritised by CVSS score and a remediation plan.

Employee awareness training

Live sessions + phishing simulations + e-learning. Demonstrable click-rate reduction.

Incident response plan

Playbooks for ransomware, data exfiltration, BEC. Tabletop exercises with management.

CISO as a Service

For companies without an internal CISO — strategy, board reporting, regulator interface.

How we engage

  1. Legal & technical diagnosis

     Identify the applicable framework (NIS2, GDPR, sectoral) + ISO 27001 gap analysis.

  2. Risk register

     Prioritised list: impact × likelihood, weighed against mitigation cost. Treatment plan approved by management.

  3. Control implementation

     Technical (MFA, EDR, segmentation, backup) + organisational (policies, training, IR plan).

  4. Audit & certification

     Documentation prep, internal audit, on-site support during the DNSC or ISO 27001 audit.

  5. Continuous maintenance

     Annual review, incident management, compliance reporting.

What you gain

Documented compliance

Complete dossier aligned to DNSC / ISO 27001, with traceability for every implemented control.

Commercial advantage

Certification opens public tenders and partnerships with corporates that impose security requirements.

Prioritised risks

You know what to fix first — based on impact and likelihood, not panic.

Trained team

Measurable phishing click-rate reduction (typically from 25-30% to under 5% within 6 months of starting the programme).

Relevant certifications: ISO 27001 Auditor, DNSC Auditor, ISO 27001 Implementer

Let's talk about your situation

30 minutes: we explore what you have, what's missing and what the concrete next steps look like.