References

In every project, we look for a balance between compliance and day-to-day business reality. We don’t use one-size-fits-all templates. Security processes need to fit how your company actually runs. We focus on helping clients understand the “why” behind security, not just follow instructions, so they can manage the system on their own and trust it when something goes wrong.

Who trusts us?

We have experience across different industries and with projects of various sizes. We know that every organization works differently, so we don’t try to offer a universal solution. What matters to us is that cybersecurity fits your company.

Adastra
Aspena
APAG CoSyst
Auto Esa
Crede Experto
Energetický a průmyslový holding (EPH)
Linamar
TV Nova
Think Tech
Tristone
Viessmann
xITee

Delivered projects

At the beginning, it often looks complicated – full of regulations, requirements, and audits. But in our experience, it mostly comes down to common sense and setting clear, understandable rules. Here are a few projects we’ve worked on with our clients.

Preparation of documentation and implementation of DORA requirements for Auto ESA

For the company Auto ESA, we prepared documentation according to DORA requirements. We followed this up with a risk analysis in the ICT area and helped establish a direction for the specific measures arising from the DORA regulation.
The project included the preparation of documentation according to DORA requirements. It also involved an analysis of ICT risks, in which, together with the client, we identified key assets, threats, and operational disruption scenarios. Based on the outputs, we set up specific measures and helped establish a direction for implementing them in practice. At the same time, we supported the client in preparing mandatory reports for the ČNB (Czech National Bank). The result of the project is a functional ICT risk management system in compliance with DORA, which the client maintains on an ongoing basis.
DORA

Preparing a construction holding in the Czech Republic for the new Cybersecurity Act

For a major construction group operating in the Czech Republic and Slovakia, we carried out a comprehensive GAP analysis to assess readiness for the new Cybersecurity Act and its implementing decrees in both countries.
The aim was to assess information security management across more than 40 companies in the group and evaluate their compliance with new legal requirements. The project included identifying regulated services in CZ and SK and proposing a notification procedure. The outcome was a summary report with risks, priorities, and recommendations for individual companies and group management.
New Cybersecurity Act

Preparing Aspena for ISO 27001 certification

With Aspena, a company providing language services, we worked on preparing for ISO 27001 certification with regard to the handling of sensitive customer data.
The goal of the project was to establish information security management in areas that are key for the company — particularly the handling of customer data, its transfer, storage, and processing. The cooperation included supplementing documentation, setting up processes, and preparing for the audit according to the standard's requirements. The result is a system that covers the requirements of ISO 27001 and enables the company to manage data security in everyday operations and in relation to its customers.
ISO 27001

Preparing the energy holding company EPH for the new Cybersecurity Act

For the EPH holding company, operating in the energy sector, we provided comprehensive preparation for the new Act on Cybersecurity under the higher obligations regime.
The project focused on creating and updating documentation, designing processes and measures in information security, and training key personnel. The goal was to align existing security management with new legislative requirements and create a practical framework for implementation. The output was a complete set of documents, recommendations, and methodological steps that allowed effective compliance with the new obligations.
New Cybersecurity Act

Linamar's preparation for TISAX certification after the merger into a global holding

For the manufacturing company Linamar, which became part of a global technology holding following a merger, we handled the preparation of the Czech branch for TISAX certification.
The goal was to align the existing documentation with global policies, reflect specific local processes, and comply with the latest TISAX version. We helped unify the security management approach with the new corporate framework and prepared the team for audit. The project resulted in a successful certification.
TISAX

Long-term outsourcing and comprehensive management of ISMS and GDPR for xITee

For the company xITee, a Czech IT services provider and software developer that is part of a German holding, we provide long-term outsourcing of the roles of cybersecurity manager and data protection officer.
Our ongoing long-term cooperation includes full support in risk management, implementation of security measures, and documentation management in line with ISO 27001, ISO 9001, ISO 20000-1, and ISO 14001. We conduct regular ISMS and GDPR documentation updates, internal audits, and support during external audits. We also continuously assess risks and provide guidance to help management make informed decisions.
Outsourcing

Preparing a crypto payment gateway provider for MiCA licensing

For a company operating a crypto payment gateway, we developed an information security management system as part of the process to obtain a license under the EU MiCA regulation.
The project included developing ISMS documentation, defining organizational and technical measures, and designing processes for secure data handling in payment transactions. We also delivered staff training and recommendations for efficient security maintenance. The outcome was a complete framework enabling the company to enter the licensing process.
DORA

Preparing the company APAG for the new version of TISAX certification

For the company APAG, a manufacturer of automotive parts with a rich history, we provided complete preparation for TISAX certification under the new version of the standard for the Czech Republic and Germany.
The project involved reviewing the original documentation, supplementing it according to the client’s current processes, and adjusting it to comply with the new TISAX requirements. The work also included close collaboration with local teams during the implementation of changes and preparation for the audit itself. Our support continued throughout the audit, where we assisted with interpreting requirements and providing additional explanations to the auditor. The result was a successful completion of the audit without any major nonconformities.
TISAX

Preparing an insurance company for DORA

For a Czech insurance company providing ICT services to regulated institutions under DORA, we created a project focused on aligning internal processes with the European DORA requirements.
The project included documentation updates, employee training, and the design of organizational and technical measures for cybersecurity risk management. Emphasis was placed on linking legal requirements with practical IT and operational processes. The output was a set of recommendations and methodological materials to support efficient DORA implementation.
DORA

ISO 27001 certification for an ICT service provider under DORA

For an ICT service provider falling under DORA, we prepared the organization for ISO 27001 certification as a key step in meeting regulatory DORA requirements. The company also provides IT services in healthcare.
The project involved creating and updating the documentation for the information security management system, setting up processes and measures in accordance with ISO standards and the DORA regulation. It also included training the internal team. During the audit, we accompanied the client in defending the system setup and provided support in interpreting the auditors’ requirements. The project concluded with successfully obtaining the certification.
ISO 27001

Preparing the manufacturing company Tristone for TISAX certification

A manufacturer of rubber hoses for motor vehicle heating and cooling approached us with the goal of preparing both of its locations (in the Czech Republic and Germany) for TISAX certification under the new version of the standard.
The project lasted several months and included a full review and update of existing documentation to align with real manufacturing and quality processes, as well as new TISAX requirements. A key part of the work was unifying global procedures with local specifics and practically preparing employees for the audit. During the audit, we provided support and communication with the audit team. The result: successful certification.
TISAX

GAP analysis and preparation of a university for the new Cybersecurity Act

For the largest arts university in the Czech Republic, we conducted a GAP analysis of the information security management system and assessed current cybersecurity measures.
The project focused on evaluating the existing documentation and identifying gaps that needed to be supplemented in order to comply with the new Cybersecurity Act under the lower obligations regime. We prepared the necessary documentation, including risk analysis and disaster recovery plans (DRP). The project also included recommendations for implementing organizational and technical measures to support long-term security improvement.
New Cybersecurity Act

Preparing a waste management holding for the new Cybersecurity Act

For a holding operating in waste management, we delivered a project focused on evaluating and developing the ISMS in connection with the new Cybersecurity Act.
In the initial phase (May–Jun 2023), we carried out a GAP analysis of existing documentation and measures across the group. Based on the findings, we prepared documentation and measures for the parent company and subsidiaries to meet the cybersecurity obligations of the higher obligations regime. The implementation phase (Sep 2024–Nov 2025) included risk analysis, disaster recovery plans (DRP), and recommendations for technical and organizational measures.
New Cybersecurity Act

Preparing a manufacturing company for the new Cybersecurity Act and ISO 27001

For a steel distribution holding, we delivered a project focused on identifying regulated services and preparing the parent company for the new Cybersecurity Act and future ISO 27001 certification.
The project had two phases. The first phase (Sep–Oct 2024) included a GAP analysis of the information security management system and impact assessment of new legislation. Based on the findings, we drafted and implemented the necessary documentation, processes, and measures to meet legal requirements in the second phase (Apr–Nov 2025). The project also included staff training and ongoing consulting.
New Cybersecurity Act

FAQ

The introductory consultation is free. Its purpose is to understand your situation, explore how we can help, and assess whether a collaboration makes sense for you. Together, we’ll review your current status, risks, and expected outcomes. Based on that, we’ll suggest next steps.

We start with a meeting (online or in person) to clarify goals, scope, and form of cooperation. We then prepare a work plan, define responsibilities, and agree on a timeline. Throughout the project, we combine analytical work (reviews, interviews, audits) with workshops to fine-tune solutions with your team. We share results continuously so you’re always in control of project progress.

It depends on the type of project, but we always aim to involve only the people truly needed. For analyses or audits, several hours with key individuals is usually enough. For projects involving process or documentation design, regular working sessions are to be expected. Our goal is to let you focus on your work while ensuring that things move forward.

We know that letting an external party into sensitive areas like cybersecurity or internal processes is a big step. That’s why we prioritize transparency and trust from the start. All information is treated confidentially and handled as if it were our own. Every collaboration includes a non-disclosure agreement (NDA), and all documents are stored in secure, access-controlled systems.

Contact us and get your umbrella against cyber threats!

We'll help you build the foundations, principles, and documentation needed for effective protection. We'll teach you how to understand and rely on your security in case of an incident – ensuring your organization stays resilient, not paralyzed.