References

In every project, we are interested in how cybersecurity fits into the functioning of the entire organization – not just whether it complies with a standard or law. We take every project as an opportunity to show you real-life situations we’ve addressed with clients – from implementing security processes to preparing for certifications or long-term outsourcing of cybersecurity roles.

On behalf of xITee, I wholeheartedly recommend working with consultants at Cybrela. We've been collaborating for several years now, and honestly, it would be hard to find someone else. They take care of all our cybersecurity – from preparing for security certifications and updating documentation to outsourcing the cybersecurity manager role. They handle everything continuously, not just when issues arise. Their responses are quick, thoughtful, and always to the point. Thanks to them, we can be confident that our cybersecurity is in good hands. Highly recommended.

Kačka Hůtová’s approach was exceptional. She didn’t just read the law out loud – she explained what it means in practice. It’s been a long time since a webinar really kept my attention from start to finish.

I’ve never felt completely confident in cybersecurity, but this time I didn’t feel like that the webinar was targeted only at IT people. Everything was explained in a human, practical way, so I could actually understand it better – and I even enjoyed it.

Who trust us?

We work with a wide range of organizations – from smaller companies to large corporations across various industries. Each project is slightly different, but the goal remains the same: to set up cybersecurity in a way that works in practice, complies with the law, and makes sense for operations.

Our work in practice

It often looks complicated at first – laws, regulations, audits. But once we get started, it turns out it’s mainly about common sense and clear rules. Here are a few examples of the types of projects we’ve handled with our clients.

Preparing a construction holding in the Czech Republic for the new Cybersecurity Act

For a major construction group operating in the Czech Republic and Slovakia, we carried out a comprehensive GAP analysis to assess readiness for the new Cybersecurity Act and its implementing decrees in both countries.

The aim was to assess information security management across more than 40 companies in the group and evaluate their compliance with new legal requirements. The project included identifying regulated services in CZ and SK and proposing a notification procedure. The outcome was a summary report with risks, priorities, and recommendations for individual companies and group management.

New Cybersecurity Act

Preparing an automotive components manufacturer for TISAX certification

A manufacturer of rubber hoses for vehicle heating and cooling contacted us to prepare both of its locations (CZ and DE) for the updated version of the TISAX standard.

The project lasted several months and included a full review and update of existing documentation to align with real manufacturing and quality processes, as well as new TISAX requirements. A key part of the work was unifying global procedures with local specifics and practically preparing employees for the audit. During the audit, we provided support and communication with the audit team. The result: successful certification.

Tisax

Preparing a manufacturing company for the new Cybersecurity Act and ISO 27001

For a steel distribution holding, we delivered a project focused on identifying regulated services and preparing the parent company for the new Cybersecurity Act and future ISO 27001 certification.

The project had two phases. The first phase (Sep–Oct 2024) included a GAP analysis of the information security management system and impact assessment of new legislation. Based on the findings, we drafted and implemented the necessary documentation, processes, and measures to meet legal requirements in the second phase (Apr–Nov 2025). The project also included staff training and ongoing consulting.

New Cybersecurity Act

Long-term outsourcing and comprehensive ISMS & GDPR management for an IT company

For a Czech IT service provider and software developer within a German holding, we provide long-term outsourcing of the cybersecurity manager and data protection officer roles.

Our ongoing long-term cooperation includes full support in risk management, implementation of security measures, and documentation management in line with ISO 27001, ISO 9001, ISO 20000-1, and ISO 14001. We conduct regular ISMS and GDPR documentation updates, internal audits, and support during external audits. We also continuously assess risks and provide guidance to help management make informed decisions.

Outsourcing

Preparing a company for TISAX after a merger with a global group

For a production company that became part of a global tech holding after a merger, we handled the preparation of the Czech branch for TISAX certification.

The goal was to align the existing documentation with global policies, reflect specific local processes, and comply with the latest TISAX version. We helped unify the security management approach with the new corporate framework and prepared the team for audit. The project resulted in a successful certification.

Tisax

Preparing a waste management holding for the new Cybersecurity Act

For a holding operating in waste management, we delivered a project focused on evaluating and developing the ISMS in connection with the new Cybersecurity Act.

In the initial phase (May–Jun 2023), we carried out a GAP analysis of existing documentation and measures across the group. Based on the findings, we prepared documentation and measures for the parent company and subsidiaries to meet higher regime cybersecurity obligations. The implementation phase (Sep 2024–Nov 2025) included risk analysis, disaster recovery plans (DRP), and recommendations for technical and organizational measures.

New Cybersecurity Act

Preparing an insurance company for DORA

For a Czech insurance company providing ICT services to regulated institutions under DORA, we created a project focused on aligning internal processes with the European DORA requirements.

The project included documentation updates, employee training, and the design of organizational and technical measures for cybersecurity risk management. Emphasis was placed on linking legal requirements with practical IT and operational processes. The output was a set of recommendations and methodological materials to support efficient DORA implementation.

DORA

ISO 27001 certification for an ICT service provider under DORA

For an ICT service provider falling under DORA, we prepared the organization for ISO 27001 certification as a key step in meeting regulatory DORA requirements. The company also provides IT services in healthcare.

The project involved creating and updating the documentation for the information security management system, setting up processes and measures in accordance with ISO standards and the DORA regulation. It also included training the internal team. During the audit, we accompanied the client in defending the system setup and provided support in interpreting the auditors’ requirements. The project concluded with successfully obtaining the certification.

ISO 27001

Preparing a crypto payment gateway provider for MiCA licensing

For a company operating a crypto payment gateway, we developed an information security management system as part of the process to obtain a license under the EU MiCA regulation.

The project included developing ISMS documentation, defining organizational and technical measures, and designing processes for secure data handling in payment transactions. We also delivered staff training and recommendations for efficient security maintenance. The outcome was a complete framework enabling the company to enter the licensing process.

DORA

Preparing a manufacturing business for the new TISAX standard

For an established automotive parts manufacturer with a long history, we ensured full preparation for TISAX certification in the latest version of the standard for both Czech and German locations.

The project involved reviewing the original documentation, supplementing it according to the client’s current processes, and adjusting it to comply with the new TISAX requirements. The work also included close collaboration with local teams during the implementation of changes and preparation for the audit itself. Our support continued throughout the audit, where we assisted with interpreting requirements and providing additional explanations to the auditor. The result was a successful completion of the audit without any major nonconformities.

Tisax

Preparing an energy holding for the new Cybersecurity Act

For an energy sector holding, we delivered comprehensive preparation for the new Cybersecurity Act under the higher regime obligations.

The project focused on creating and updating documentation, designing processes and measures in information security, and training key personnel. The goal was to align existing security management with new legislative requirements and create a practical framework for implementation. The output was a complete set of documents, recommendations, and methodological steps that allowed effective compliance with the new obligations.

New Cybersecurity Act

GAP analysis and preparation of a university for the new Cybersecurity Act

For the largest arts university in the Czech Republic, we conducted a GAP analysis of the information security management system and assessed current cybersecurity measures.

The project focused on evaluating the existing documentation and identifying gaps that needed to be supplemented in order to comply with the new Cybersecurity Act under the lower obligations regime. We prepared the necessary documentation, including risk analysis and disaster recovery plans (DRP). The project also included recommendations for implementing organizational and technical measures to support long-term security improvement.

New Cybersecurity Act

FAQ

How much is the initial consultation?

The introductory consultation is free. Its purpose is to understand your situation, explore how we can help, and assess whether a collaboration makes sense for you. Together, we’ll review your current status, risks, and expected outcomes. Based on that, we’ll suggest next steps.

How does the collaboration work?

We start with a meeting (online or in person) to clarify goals, scope, and form of cooperation. We then prepare a work plan, define responsibilities, and agree on a timeline. Throughout the project, we combine analytical work (reviews, interviews, audits) with workshops to fine-tune solutions with your team. We share results continuously so you’re always in control of project progress.

How much time will this require from our team?

It depends on the type of project, but we always aim to involve only the people truly needed. For analyses or audits, several hours with key individuals is usually enough. For projects involving process or documentation design, regular working sessions are to be expected. Our goal is to let you focus on your work while ensuring that things move forward.

How do you protect the information we share?

We know that letting an external party into sensitive areas like cybersecurity or internal processes is a big step. That’s why we prioritize transparency and trust from the start. All information is treated confidentially and handled as if it were our own. Every collaboration includes a non-disclosure agreement (NDA), and all documents are stored in secure, access-controlled systems.

Contact us and get your umbrella against cyber threats!

We'll help you build the foundations, principles, and documentation needed for effective protection. We'll teach you how to understand and rely on your security in case of an incident – ensuring your organization stays resilient, not paralyzed.