Security Policies and Compliance Certifications

From gap analysis to ISO 27001 certificate — we guide the entire process.

We prepare IT and OT security policies tailored to your industry. We guide your organization through ISO 27001 certification, NIS-2/KSC readiness and DORA compliance. Zygmunt Gorszczyński, as ISO 27001 Lead Auditor, knows the process from the inside — no time wasted on corrections.

ISO 27001 certification is more than a procurement requirement — it’s about organizing security processes and proving to clients that you manage risk systematically. But the path from decision to certificate can take a year if you lack experience. We compress that timeline.

Zygmunt Gorszczyński is an ISO 27001 Lead Auditor with audit experience and a background in compliance projects for financial and defense sector organizations. He knows what auditors check and how to write policies that pass on the first attempt. He manages the entire process: gap analysis, ISMS design, control implementation, internal audit and oversight of the certification audit.

Beyond ISO 27001, we support organizations in preparing for NIS-2/KSC (National Cybersecurity System Act) and DORA (financial sector regulations). We write security policies, incident response procedures, business continuity plans and documentation required by regulators.

We don’t deliver templates to fill in — we write tailored documents for your organization, reflecting actual processes and risks. Policies you can actually implement.

Benefits

  • ISO 27001 Lead Auditor on the team — Zygmunt knows the certification process inside out, no wasted time on corrections
  • Tailored policies — documents accounting for your industry, infrastructure and processes, not generic templates
  • Full process support — from gap analysis through ISMS implementation to certification audit oversight
  • Regulatory compliance — NIS-2/KSC, DORA and sector-specific requirements (BLIK, fintech, maritime)
  • Knowledge transfer — we train your team to maintain the system independently after the project

For Whom

  • Companies preparing for ISO 27001 certification — you need ISMS, internal audit and process oversight
  • Organizations subject to NIS-2/KSC — required security documentation, incident reporting procedures, audits
  • Financial sector (DORA) — banks, fintechs, payment institutions preparing for new EU requirements

What We Deliver

  • Gap analysis — assessment of current state against standard/regulatory requirements
  • ISMS documentation — security policies, procedures, instructions, registers (risks, assets, incidents)
  • Security control implementation plan (roadmap with schedule and budget)
  • Internal audit before certification — readiness verification, identification of gaps to close
  • Certification audit oversight — support during inspection, response to auditor questions

Start Certification Process — Book a free consultation and we’ll assess your readiness and propose a schedule.
