References
In every project, we are interested in how cybersecurity fits into the functioning of the entire organization – not just whether it complies with a standard or law. We take every project as an opportunity to show you real-life situations we’ve addressed with clients – from implementing security processes to preparing for certifications or long-term outsourcing of cybersecurity roles.
I can only recommend working with Cybrela consultants for xITee. We have been working together for several years and honestly, we would hardly look for anyone else. They are in charge of our entire cybersecurity, from preparing for security certifications, through updating documentation, to outsourcing the security manager. They take care of everything on an ongoing basis, not just when something happens. They respond quickly, with perspective, and always to the point. Thanks to them, we know our cybersecurity is in good hands. I highly recommend them.
Martin Zítko, CTO, xITee k.s.
Setting up processes and creating completely new documentation according to DORA in a way that made sense in practice was a challenge for us, but with Honza Falc and the Cybrel team we managed it very well. They helped us with risk analysis and recommendations for implementing specific measures. I especially appreciate their patience in explaining all the DORA intricacies and I really appreciate the fact that throughout the entire cooperation they took into account how we really operate in operation and did not try to fit some template solution on us. Thank you for the cooperation, I can only recommend them.
Jan Sváček, Director of ICT, AutoESA a.s.
Katka Hůtová's approach was exceptional. She didn't read the laws, but talked about what they mean in practice. After a long time, a webinar that really interested me from beginning to end.
I’ve never really felt at home in cybersecurity, but this was the first time I didn’t feel like it was aimed only at IT people. Everything was explained in a clear, practical way, so I could actually picture how it works. And I even enjoyed it.
Webinar participants on the new law on cybersecurity
Who trusts us?
We work with a wide range of organizations – from smaller companies to large corporations across various industries. Each project is slightly different, but the goal remains the same: to set up cybersecurity in a way that works in practice, complies with the law, and makes sense for operations.
Our work in practice
It often looks complicated at first – laws, regulations, audits. But once we get started, it turns out it’s mainly about common sense and clear rules. Here are a few examples of the types of projects we’ve handled with our clients.
Implementation of DORA requirements for Auto ESA
We prepared documentation for Auto ESA in accordance with DORA requirements. We followed it up with an ICT risk analysis and helped set the direction for specific measures resulting from the DORA regulation.
The project included the preparation of documentation according to the requirements of DORA. It also included an ICT risk analysis, where we identified key assets, threats and disruption scenarios with the client. Based on the outputs, we set specific measures and helped set the direction for how to implement them in practice. We also supported the client in preparing mandatory reports to the Czech National Bank. The result of the project is a functional ICT risk management system in accordance with DORA, which the client fulfills on an ongoing basis.
DORA
Preparation of a construction holding in the Czech Republic for the new law on cybersecurity
For a major construction group operating in the Czech Republic and Slovakia, we conducted a comprehensive GAP analysis of readiness for the new Cybersecurity Act and related regulations in both countries.
The aim of the project was to map the current state of information security management in more than 40 companies in the group and assess their compliance with the requirements of the new legislation. The work included the identification of regulated services in the Czech Republic and Slovakia, including a proposal for a procedure for their notification. The output was a summary report with an overview of risks, priorities and recommendations for individual companies and the central management of the group.
New Cybersecurity Act
Preparing a manufacturing company for the new Cybersecurity Act and ISO 27001
For a holding company supplying metallurgical materials, we implemented a project focused on assessing regulated services and preparing the parent company for the new Cybersecurity Act and future ISO 27001 certification.
The project was divided into two phases. In the first phase (9–10/2024), a GAP analysis of the information security management system and an assessment of the impacts of the new legislation were carried out. Based on the results, the necessary documentation, processes and measures to achieve compliance with the requirements of the law were prepared and implemented in the second phase (4–11/2025). The project included employee training and ongoing consultancy.
New Cybersecurity Act
Long-term outsourcing and comprehensive ISMS and GDPR management for an IT company
For a Czech IT service provider and software developer, which is part of a German holding, we provide long-term outsourcing of the roles of cybersecurity manager and data protection officer.
Our long-term cooperation includes comprehensive support in the area of risk management, implementation of security measures and documentation management according to ISO 27001, 9001, 20000-1 and 14001 standards. We ensure regular updates of the ISMS system and GDPR documentation, perform internal audits and provide assistance with external audits. The cooperation also includes ongoing risk assessment and methodological support for company management in decision-making.
Outsourcing
Preparation for TISAX certification after merger into a global holding company
For a manufacturing company that became part of a global technology holding after a merger, we prepared the Czech branch for TISAX certification.
The aim of the project was to align the existing documentation of the original company with the global policies of the holding, take into account the real processes of local operations and adapt everything to the new version of the TISAX standard. During the cooperation, we helped to unify security management with the new group framework and prepared the team for the audit. The project ended with the successful acquisition of certification.
TISAX
Preparing the holding for the new cybersecurity law
For a group of companies operating in the field of waste management, we implemented a project focused on the assessment and development of an information security management system (ISMS) in connection with the new Cybersecurity Act.
In the initial phase (5–6/2023), we conducted a GAP analysis of existing documentation and measures within the entire group. Based on the results, we prepared documentation and a draft of measures for the parent company and subsidiaries within the scope of higher obligations under the new Cybersecurity Act. In the subsequent implementation phase (9/2024–11/2025), we prepared a risk analysis, disaster recovery plans (DRPs) and recommendations for the implementation of organizational and technical measures.
New Cybersecurity Act
Preparing an insurance company for DORA requirements
For a Czech insurance company, which is a provider of ICT services for institutions subject to the DORA regulation, we implemented a project focused on aligning internal processes with the requirements of the European DORA regulation.
The project included the preparation and completion of security documentation, employee training, and the design of organizational and technical measures for managing cybersecurity risks. Emphasis was placed on linking legislative requirements with the real functioning of IT and operational teams. The output was a set of recommendations and methodological documents that enabled the company to effectively implement DORA requirements.
DORA
ISO 27001 certification for ICT service providers under DORA regulation
We have provided preparation for ISO 27001 certification for ICT service providers under the DORA regulation as a key step towards meeting DORA requirements. The company also provides IT services in the healthcare sector.
The project included the creation and updating of the information security management system documentation, process settings and measures according to the requirements of the ISO standard and DORA regulation. It also included training of the internal team. During the audit, we accompanied the client in defending the system settings and provided support in interpreting the auditors' requirements. The project ended with the successful acquisition of certification.
ISO 27001
Preparing a crypto payment gateway provider to obtain a MiCA license
We prepared an information security management system for a company operating a crypto payment gateway as part of the process of obtaining a license under the European MiCA regulation.
The project included the creation and structuring of ISMS documentation, setting up organizational and technical measures and designing processes to ensure secure processing and data protection within payment transactions. The cooperation also included employee training and recommendations for effective maintenance of security measures. The output was a complete underlying framework enabling the company to successfully enter the licensing process.
DORA
Preparing a manufacturing company for the new version of TISAX certification
For an established automotive parts manufacturer with a rich history, we provided complete preparation for TISAX certification in the new version of the standard for the Czech Republic and Germany.
The project included a review of the original documentation, supplementing it to reflect the customer's current processes, and adjusting it in accordance with the new TISAX requirements. The work also included close cooperation with local teams in implementing the changes and preparing for the audit itself. Our support continued during the audit, when we helped with the interpretation of the requirements and additional explanations to the auditor. The result was a successful completion of the audit without major discrepancies.
TISAX
Energy holding company preparing for new cybersecurity law
For a holding company operating in the energy sector, we provided comprehensive preparation for the new Cybersecurity Act within the scope of higher obligations.
The project focused on creating and supplementing the necessary documentation, designing processes and measures in the area of information security, and training key employees. The goal was to align existing security management with new legislative requirements and create a framework for their practical application in everyday operations. The output was a comprehensive set of documents, recommendations, and methodological steps that allow the company to effectively fulfill new obligations.
New Cybersecurity Act
GAP analysis and university preparation for the new cybersecurity law
For the largest art university in the Czech Republic, we conducted a GAP analysis of the information security management system and assessed current cybersecurity measures.
The project focused on evaluating the existing documentation and identifying areas that need to be supplemented to meet the requirements of the new Cybersecurity Act in the scope of lower obligations. We prepared the necessary documentation, including risk analysis and disaster recovery plans (DRP). The project also included recommendations for the implementation of organizational and technical measures that will help the school improve the level of protection in the long term.
New Cybersecurity Act
Preparing automotive component manufacturers for TISAX certification
A manufacturer of rubber hoses for heating and cooling motor vehicles approached us with the aim of preparing both of its locations (in the Czech Republic and Germany) for TISAX certification in the new version of the standard.
The project lasted several months and included a complete revision of the existing documentation, its adaptation to real production and quality management processes and addition of new TISAX requirements. A key part of the work consisted in unifying global procedures with the specifics of local plants and in practical preparation of employees for the audit. During the audit, we provided assistance and support in communicating with the audit team. The result was successful certification.
TISAX
FAQ
How much is the initial consultation?
The introductory consultation is free. Its purpose is to understand your situation, explore how we can help, and assess whether a collaboration makes sense for you. Together, we’ll review your current status, risks, and expected outcomes. Based on that, we’ll suggest next steps.
How does the collaboration work?
We start with a meeting (online or in person) to clarify goals, scope, and form of cooperation. We then prepare a work plan, define responsibilities, and agree on a timeline. Throughout the project, we combine analytical work (reviews, interviews, audits) with workshops to fine-tune solutions with your team. We share results continuously so you’re always in control of project progress.
How much time will this require from our team?
It depends on the type of project, but we always aim to involve only the people truly needed. For analyses or audits, several hours with key individuals is usually enough. For projects involving process or documentation design, regular working sessions are to be expected. Our goal is to let you focus on your work while ensuring that things move forward.
How do you protect the information we share?
We know that letting an external party into sensitive areas like cybersecurity or internal processes is a big step. That’s why we prioritize transparency and trust from the start. All information is treated confidentially and handled as if it were our own. Every collaboration includes a non-disclosure agreement (NDA), and all documents are stored in secure, access-controlled systems.
Contact us and get your umbrella against cyber threats!
We’ll help you build the foundations, principles, and documentation needed for effective protection. We’ll teach you how to understand and rely on your security in case of an incident – ensuring your organization stays resilient, not paralyzed.







