
Knowledge Hub – practice over theory
We help organizations connect technology, risk and compliance into one coherent picture. In our Knowledge Hub you’ll find practical resources you can use right away – from best practices and white papers to checklists and video content.
Best practices
We have collected proven approaches, patterns and recommendations that help IT, security and compliance teams work more effectively.
Here you will find, among others:
- practical guidance for building and improving IT governance,
- recommendations for managing IT and cyber risk,
- best practices for meeting regulatory and standard requirements (e.g. ISO, NIS2, DORA, GDPR),
- examples of solutions that actually work in organizations of different sizes.

Mapping Poland’s Cybersecurity SME Sector: Diagnosis, Needs, Recommendations
This report provides a comprehensive diagnosis of Poland’s cybersecurity SME landscape—its structure, growth potential, and key constraints in an environment shaped by escalating threats and regulatory pressure. The study uses a mixed-method approach combining desk research and mapping of 400+ entities with quantitative CAWI/CATI research (197 companies), 20 in-depth interviews (IDI), and expert panels, enabling a robust triangulation of data and decision-maker perspectives. It delivers 16 actionable recommendations for public institutions and ecosystem stakeholders—covering access to funding, certification and regulatory compliance, skills development, and international expansion—while outlining how high-potential firms can be engaged in the NCC-PL Competent Community initiative.
The Cybersecurity and Resilience Handbook
The Cybersecurity and Resilience Handbook is a practical guide for companies of all sizes, designed to help them systematically build cyber resilience, regulatory compliance and business continuity. It explains the current threat landscape in Poland and the EU – including ransomware, supply-chain attacks, phishing, deepfakes and AI-driven threats – and outlines key regulatory frameworks such as NIS2, DORA and GDPR. The handbook provides actionable best practices, layered defence models, guidance on detection, incident response and recovery, as well as a Basic Protection Level (BPL) programme with 20 essential measures tailored to SMEs.
Building Enterprise Resilience in the Context of Digital Security in Clusters
Building Enterprise Resilience in the Context of Digital Security in Clusters is a practical handbook for cluster coordinators, showing how to systematically strengthen the cyber resilience of member organisations—especially SMEs—within ecosystems that share data, resources and joint projects.
It covers typical threats affecting cluster environments (including phishing, AI-enabled spear phishing, ransomware and supply-chain attacks) and their impact on trust, cooperation and supply chains.
The handbook outlines the evolving regulatory context (NIS2/UKSC2 and the Cyber Resilience Act) and translates requirements into actionable steps—from risk assessment and awareness-building to supporting ISO 27001 and ISO 22301 adoption, and establishing a cluster ISAC for incident and threat information sharing.
Article: SOC 1, SOC 2 and SOC 2+ HIPAA Requirements for the Healthcare Sector
This article is a practical guide for healthcare organizations and health-tech providers looking to strengthen security, privacy, and stakeholder trust while meeting demanding compliance expectations. It explains the SOC reporting family: SOC 1 (controls relevant to financial reporting), SOC 2 (controls assessed against the Trust Services Criteria—security, availability, processing integrity, confidentiality, and privacy), SOC 2+ (SOC 2 extended with additional healthcare and jurisdiction-specific requirements such as HIPAA, GDPR and HITRUST), and SOC 3 as a public-facing, high-level communication of assurance. The piece outlines the end-to-end attestation journey—from readiness assessment and scoping, through documentation and control testing, to reporting and continuous improvement—highlighting common control domains such as access management, change management, monitoring and logging, incident response, encryption, business continuity and disaster recovery, and third-party risk management. It also addresses the growing role of AI in healthcare and the governance practices needed to manage model risk, privacy, transparency, and accountability in high-impact use cases.
Webinar: SOC 1, SOC 2 and SOC 2+ HIPAA Requirements for the Healthcare Sector
This webinar offers a practical introduction to SOC 1, SOC 2 and SOC 2+ (including HIPAA) attestations in the context of healthcare providers and health-tech vendors. It explains how these reports differ, how to scope them effectively, and how to translate assurance expectations into operational controls and evidence. The session highlights key readiness areas—such as access management, monitoring, incident response, business continuity, and third-party oversight—while clarifying how a well-structured SOC approach supports trust, accelerates due diligence, and strengthens compliance posture in a rapidly evolving regulatory environment.
Webinar: Cybersecurity and Privacy Challenges in International Markets for MedTech Companies
This webinar recording focuses on the core cybersecurity and privacy risks faced by MedTech companies expanding internationally. It addresses the current threat landscape and how security incidents can affect business continuity, trust, and supplier/partner relationships across borders. The session outlines a practical approach to protecting sensitive data and operational processes in multi-jurisdiction environments, and shows how to align cyber safeguards with regulatory and compliance expectations in international markets.