References
U každého projektu se snažíme najít balanc mezi zákonnou povinností a fungujícím byznysem. Nepracujeme s univerzálními šablonami, ale dbáme na to, aby bezpečnostní procesy odpovídaly realitě Vašeho podnikání. Klienty učíme bezpečnostní principy chápat, nikoliv pouze kopírovat, aby byli schopni systém sami udržovat a spoléhat se na něj v případě incidentů.
Who nám důvěřuje?
Máme zkušenosti z různých oborů a s různě velkými projekty. Víme, že každá firma funguje jinak, proto se nesnažíme o univerzální řešení. Důležité pro nás je, aby kyberbezpečnost seděla Vaší organizaci na míru.
On behalf of xITee, I wholeheartedly recommend working with consultants at Cybrela. We've been collaborating for several years now, and honestly, it would be hard to find someone else. They take care of all our cybersecurity – from preparing for security certifications and updating documentation to outsourcing the cybersecurity manager role. They handle everything continuously, not just when issues arise. Their responses are quick, thoughtful, and always to the point. Thanks to them, we can be confident that our cybersecurity is in good hands. Highly recommended.
Martin Zítko
CTO, xITee k.s.
Nastavit procesy a vytvořit úplně novou dokumentaci podle DORA tak, aby dávaly smysl i v praxi pro nás byla výzva, ale s Honzou Falcem a týmem Cybrela se nám to podařilo výborně. Pomohli nám s analýzou rizik i doporučeními k zavedení konkrétních opatření. Oceňuji hlavně jejich trpělivost při vysvětlování všech DORA záludností a velmi si vážím toho, že v rámci celé spolupráce zohledňovali to, jak v provozu opravdu fungujeme, a nesnažili se na nás napasovat nějaké šablonovité řešení. Děkujeme za spolupráci, mohu jen doporučit.
Jan Sváček
ředitel ICT, Auto ESA a.s.
Spolupráce s týmem konzultantů společnosti Cybrela při implementaci procesů a dokumentace NIS2 byla od samého začátku velmi profesionální, efektivně řízená, a především dobře strukturovaná. Velmi oceňujeme odborné znalosti týmu, jeho vstřícnost a otevřenou komunikaci. Konzultanti byli schopni průběžně reagovat na naše podněty, nabízet alternativní řešení a vysvětlit dopady jednotlivých opatření na provozní i technické úrovni.
Milena Segečová
Energetický a průmyslový holding, a. s.
Realizované projekty
Na začátku to často vypadá složitě – samé zákony, regulace a audity. Naše zkušenost je ale taková, že ve výsledku jde hlavně o zdravý rozum a nastavení srozumitelných pravidel. Tady je pár projektů, které jsme se zákazníky řešili.
Příprava dokumentace a implementace požadavků DORA pro Auto ESA
Pro společnost Auto ESA jsme zpracovali dokumentaci podle požadavků DORA. Navázali jsme na ni risk analýzou v oblasti ICT a pomohli nastavit směr pro konkrétní opatření vyplývajících z nařízení DORA.
Projekt zahrnoval zpracování dokumentace podle požadavků DORA. Součástí byla také risk analýza ICT rizik, kde jsme s klientem identifikovali klíčová aktiva, hrozby a scénáře narušení provozu. Na základě výstupů jsme nastavili konkrétní opatření a pomohli nastavit směr, jak je zavést do praxe. Klienta jsme zároveň podpořili při přípravě povinných výkazů vůči ČNB. Výsledkem projektu je funkční systém řízení ICT rizik v souladu s DORA, který klient plní průběžně.
DORA
Preparing a construction holding in the Czech Republic for the new Cybersecurity Act
For a major construction group operating in the Czech Republic and Slovakia, we carried out a comprehensive GAP analysis to assess readiness for the new Cybersecurity Act and its implementing decrees in both countries.
The aim was to assess information security management across more than 40 companies in the group and evaluate their compliance with new legal requirements. The project included identifying regulated services in CZ and SK and proposing a notification procedure. The outcome was a summary report with risks, priorities, and recommendations for individual companies and group management.
New Cybersecurity Act
Preparing a manufacturing company for the new Cybersecurity Act and ISO 27001
For a steel distribution holding, we delivered a project focused on identifying regulated services and preparing the parent company for the new Cybersecurity Act and future ISO 27001 certification.
The project had two phases. The first phase (Sep–Oct 2024) included a GAP analysis of the information security management system and impact assessment of new legislation. Based on the findings, we drafted and implemented the necessary documentation, processes, and measures to meet legal requirements in the second phase (Apr–Nov 2025). The project also included staff training and ongoing consulting.
New Cybersecurity Act
Dlouhodobý outsourcing a komplexní správa ISMS a GDPR pro xITee
Pro společnost xITee, českého poskytovatele IT služeb a vývojáře softwaru, který je součástí německého holdingu, zajišťujeme dlouhodobý outsourcing rolí manažera kybernetické bezpečnosti a pověřence pro ochranu osobních údajů.
Our ongoing long-term cooperation includes full support in risk management, implementation of security measures, and documentation management in line with ISO 27001, ISO 9001, ISO 20000-1, and ISO 14001. We conduct regular ISMS and GDPR documentation updates, internal audits, and support during external audits. We also continuously assess risks and provide guidance to help management make informed decisions.
Outsourcing
Příprava společnosti Linamar na TISAX certifikaci po fúzi do globálního holdingu
Pro výrobní společnosti Linamar, která se po fúzi stala součástí globálního technologického holdingu, jsme zajišťovali přípravu české pobočky na certifikaci TISAX.
The goal was to align the existing documentation with global policies, reflect specific local processes, and comply with the latest TISAX version. We helped unify the security management approach with the new corporate framework and prepared the team for audit. The project resulted in a successful certification.
Tisax
Příprava energetického holdingu EPH na nový zákon o kybernetické bezpečnosti
Pro EPH holding působící v oblasti energetiky jsme zajistili komplexní přípravu na nový zákon o kybernetické bezpečnosti v rozsahu vyšších povinností.
The project focused on creating and updating documentation, designing processes and measures in information security, and training key personnel. The goal was to align existing security management with new legislative requirements and create a practical framework for implementation. The output was a complete set of documents, recommendations, and methodological steps that allowed effective compliance with the new obligations.
New Cybersecurity Act
Preparing a crypto payment gateway provider for MiCA licensing
For a company operating a crypto payment gateway, we developed an information security management system as part of the process to obtain a license under the EU MiCA regulation.
The project included developing ISMS documentation, defining organizational and technical measures, and designing processes for secure data handling in payment transactions. We also delivered staff training and recommendations for efficient security maintenance. The outcome was a complete framework enabling the company to enter the licensing process.
DORA
Příprava společnosti APAG na novou verzi certifikace TISAX
Pro společnost APAG, výrobce automobilových dílů s bohatou historií, jsme zajistili kompletní přípravu na certifikaci TISAX v nové verzi standardu pro Česko a Německo.
The project involved reviewing the original documentation, supplementing it according to the client’s current processes, and adjusting it to comply with the new TISAX requirements. The work also included close collaboration with local teams during the implementation of changes and preparation for the audit itself. Our support continued throughout the audit, where we assisted with interpreting requirements and providing additional explanations to the auditor. The result was a successful completion of the audit without any major nonconformities.
Tisax
Preparing an insurance company for DORA
For a Czech insurance company providing ICT services to regulated institutions under DORA, we created a project focused on aligning internal processes with the European DORA requirements.
The project included documentation updates, employee training, and the design of organizational and technical measures for cybersecurity risk management. Emphasis was placed on linking legal requirements with practical IT and operational processes. The output was a set of recommendations and methodological materials to support efficient DORA implementation.
DORA
ISO 27001 certification for an ICT service provider under DORA
For an ICT service provider falling under DORA, we prepared the organization for ISO 27001 certification as a key step in meeting regulatory DORA requirements. The company also provides IT services in healthcare.
The project involved creating and updating the documentation for the information security management system, setting up processes and measures in accordance with ISO standards and the DORA regulation. It also included training the internal team. During the audit, we accompanied the client in defending the system setup and provided support in interpreting the auditors’ requirements. The project concluded with successfully obtaining the certification.
ISO 27001
Příprava výrobní společnosti Tristone na certifikaci TISAX
Výrobce pryžových hadic pro topení a chlazení motorových vozidel nás oslovil s cílem připravit obě své lokality (v ČR a Německu) na certifikaci TISAX v nové verzi standardu.
The project lasted several months and included a full review and update of existing documentation to align with real manufacturing and quality processes, as well as new TISAX requirements. A key part of the work was unifying global procedures with local specifics and practically preparing employees for the audit. During the audit, we provided support and communication with the audit team. The result: successful certification.
Tisax
GAP analysis and preparation of a university for the new Cybersecurity Act
For the largest arts university in the Czech Republic, we conducted a GAP analysis of the information security management system and assessed current cybersecurity measures.
The project focused on evaluating the existing documentation and identifying gaps that needed to be supplemented in order to comply with the new Cybersecurity Act under the lower obligations regime. We prepared the necessary documentation, including risk analysis and disaster recovery plans (DRP). The project also included recommendations for implementing organizational and technical measures to support long-term security improvement.
New Cybersecurity Act
Preparing a waste management holding for the new Cybersecurity Act
For a holding operating in waste management, we delivered a project focused on evaluating and developing the ISMS in connection with the new Cybersecurity Act.
In the initial phase (May–Jun 2023), we carried out a GAP analysis of existing documentation and measures across the group. Based on the findings, we prepared documentation and measures for the parent company and subsidiaries to meet higher regime cybersecurity obligations. The implementation phase (Sep 2024–Nov 2025) included risk analysis, disaster recovery plans (DRP), and recommendations for technical and organizational measures.
New Cybersecurity Act
FAQ
How much is the initial consultation?
The introductory consultation is free. Its purpose is to understand your situation, explore how we can help, and assess whether a collaboration makes sense for you. Together, we’ll review your current status, risks, and expected outcomes. Based on that, we’ll suggest next steps.
How does the collaboration work?
We start with a meeting (online or in person) to clarify goals, scope, and form of cooperation. We then prepare a work plan, define responsibilities, and agree on a timeline. Throughout the project, we combine analytical work (reviews, interviews, audits) with workshops to fine-tune solutions with your team. We share results continuously so you’re always in control of project progress.
How much time will this require from our team?
It depends on the type of project, but we always aim to involve only the people truly needed. For analyses or audits, several hours with key individuals is usually enough. For projects involving process or documentation design, regular working sessions are to be expected. Our goal is to let you focus on your work while ensuring that things move forward.
How do you protect the information we share?
We know that letting an external party into sensitive areas like cybersecurity or internal processes is a big step. That’s why we prioritize transparency and trust from the start. All information is treated confidentially and handled as if it were our own. Every collaboration includes a non-disclosure agreement (NDA), and all documents are stored in secure, access-controlled systems.
Contact us and get your umbrella against cyber threats!
We'll help you build the foundations, principles, and documentation needed for effective protection. We'll teach you how to understand and rely on your security in case of an incident – ensuring your organization stays resilient, not paralyzed.