Compliance

Black Cell Compliance offers its various services in the following service areas:

  • Risk Management
  • Control Maturity and Audit Readiness
  • Business Impact Analysis and Risk Assessment based on the NIS 2 implementation
  • Outsourced Services such as Information Security Officer, Data Protection Officer and Resilience Manager for Critical Entities
  • Critical Infrastructure Assurance

Services

Risk Management

Our risk management services include:

  • Internal and external risk assessment
  • Risk management
  • Risk treatment planning

To whom do we recommend risk management?

  • Organizations subject to Hungarian Cybersecurity Act (NIS2)
  • Financial institutions (subject to DORA)
  • Any security-conscious organization and business

Audit readiness (ISO & NIS2)

As part of audit readiness services Black Cell Compliance prepares its clients for certification or renewal audits.

The development of an ISO-based or other standard-, recommendation- or legislation-based management system begins with audit preparation activities, consisting of the following phases:

  • Control maturity assessment
  • Process optimization, documentation, and control deployment
  • Management system operations (internal audit, risk management)

Privacy Readiness

With the General Data Protection Regulation (GDPR), businesses controlling personal data face a myriad of tasks. The Black Cell Compliance team has outstanding expertise in data protection and carries out the following tasks:

  • Personal data discovery
  • Process optimization
  • Security controls implementation
  • Documentation

Control maturity assessment

As part of the control maturity assessment, Black Cell Compliance:

  • Conducts an audit against the desired control framework
  • Identifies non-conformities, risks and opportunities
  • Develops and supports implementation of corrective measures
  • Establishes action plans and corrective measures

To whom do we recommend control maturity assessment?

  • Organizations subject to Hungarian Cybersecurity Act (NIS2)
  • Financial institutions (subject to DORA regulation)
  • Any security-conscious organization and business
  • Organisations aiming to obtain ISO 27001 certification

Methodologies and requirements forming the basis of control maturity assessment

  • ISO/IEC 27001:2022
  • NIST SP 800-53
  • IEC 62443
  • NIST Cybersecurity Framework (CSF 0)
  • Hungarian Cybersecurity Act (NIS 2) and its implementing regulation
  • Information security related MNB recommendations (e.g. 1/2025, 2/2025)

Critical Infrastructure Audit Assurance

In Hungary, critical infrastructures (CI) can be designated in 8 sectors and 25 subsectors under Act LXXXIV of 2024 (Kszetv.) and its government decree. The (potential) critical infrastructure operator has the following responsibilities:

Prior to designation:

  • Conducting an identification assessment and preparing an identification report

After designation:

  • Appointment of a resilience manager (employee or outsourced)
  • Creation of a resilience plan, based on the risk assessment (matrix), for submission to the authority

Black Cell Compliance assures the enforcement of the above-described tasks with a high level of professionalism.

Outsourced Services

Data Protection Officer

Black Cell Compliance provides an outsourced data protection officer (DPO) to meet the requirements of the General Data Protection Regulation (GDPR), with the focus on the following categories:

  • Public authorities
  • Medical service providers
  • Data controllers whose main activities consist of regular and systematic large-scale monitoring of data subjects
  • Data controllers whose main activities involve extensive processing of special categories of personal data or criminal data

In accordance with the provisions of the GDPR, the DPO’s main tasks are:

  • To inform and advise the controller
  • To monitor compliance with the GDPR
  • To provide advice as regards the data protection impact assessment
  • To cooperate with the supervisory authority and to act as the contact point for the supervisory authority on issues relating to processing

Black Cell Compliance offers all these tasks on a fully outsourced basis.

Information Security Officer

Organisations subject to Act LXIX of 2024 (Cybersecurity Act on implementation of NIS 2 Directive) are required to appoint an Information Security Officer (IBF), with the following responsibilities:

  • Protection of electronic information systems
  • Ensuring that the activities of the organisation are carried out in accordance with the information security legislation
  • Preparing the organisation’s IT security policy
  • Preparing the security classification of the organisation’s information systems
  • Determining the security classification level of the organisation
  • Reviewing the organisation’s policies and contracts in the context of the security of its information systems
  • Liaising with the authority and the national CERT/CSIRT
  • Informing the authorities on information security incidents

Black Cell Compliance can provide all tasks under full outsourcing. Black Cell Compliance provides outsourced Information Security Officer (IBF) services to a wide range of customers.

Resilience Manager for Critical Entities

The resilience manager:

  • Liaises with the authorities
  • Assesses the general, sectoral and organisational requirements and the regulatory environment affecting the security of the critical organisation and critical entity
  • Prepares and updates the risk assessment and resilience matrix
  • Prepares the resilience plan and its updates
  • Assesses the state of resilience of the critical entity
  • Reports regularly to the head of the critical entity

Black Cell Compliance can provide all tasks under full outsourcing. Black Cell Compliance provides outsourced Resilience Manager services to a wide range of customers.

Information Security Awareness

More than 90% of malware, harmful code or ransomware infiltrations are caused by unaware users. Junk mail and malicious attachments carry the potential for an incident that could hinder operations for extensive periods of time. The occurrence of information security incidents can be significantly reduced by ensuring information security awareness at all levels of the organisation.

As part of information security awareness, we provide information security awareness training, with the following focus areas:

  • Information security legislation, standards, internal regulations
  • Information security threats, risks and risk-averse behaviour
  • Business continuity training
  • Incident management training

We provide specialised training to raise awareness of specific topics or issues such as ransomware, cryptocurrency and cloud services.

We recommend information security awareness services for:

  • Organisations maintaining an information security management system
  • Organisations subject to the GDPR
  • Financial institutions
  • Critical infrastructures

Information Security Management System (ISMS) implementation

An information security management system (ISMS) implemented in accordance with ISO/IEC 27001:2013 represents an established and constantly fine-tuned information security maturity.

What are the key steps?

As part of our services, we implement the ISMS with the following key steps:

  • Control maturity assessment
  • Process optimization
  • Security controls implementation
  • Documentation
  • Risk management
  • Internal audit and non-conformity management

As part of the project we ensure a successful certification audit and subsequent renewal audits.

Cybersecurity Act (NIS2) Readiness

To achieve compliance with Act LXIX of 2024 (Cybersecurity Act on implementation of NIS2 Directive), it is necessary to secure the data processed in information systems and to protect the information systems as required by the information security authority. Black Cell Compliance supports its clients in the following areas:

  • Outsourced Information Security Officer (IBF)
  • Official communication with the national authority
  • Risk management
  • Security classification of the organisation’s electronic information systems
  • Identification and management of non-conformities
  • Documentation and process optimisation

Resilience of Critical Entities

As per Act LXXXIV of 2024 (Kszetv.), critical operators providing essential services to society may be designated as operators of vital system elements. The designated organisations must also comply with the criteria set out in the Cybersecurity Act (NIS2).

Black Cell Compliance offers the following services:

  • Preparing identification report
  • Risk management
  • Resilience plan and matrix creation
  • Advice on physical, logical, and administrative (information) security controls
  • Outsourced resilience manager

If the organisation has previously implemented the above activities, experts in the Black Cell Compliance team will support the organisation in verifying the compliance of the implemented activities.

Black Cell Compliance offers the following services:

  • Preparing identification report
  • Risk management
  • Operator Security Plan (OSP) creation
  • Advice on physical, logical, and administrative information security controls

If the organisation has previously implemented the above activities, experts in the Black Cell Compliance team will support the organisation in verifying the compliance of the implemented activities.

Business Continuity Management

It is vital to be prepared for events disrupting business processes to enable quick response and recovery. Black Cell Compliance’s Business Continuity Management services consist of:

  • Business impact analysis
  • Business Continuity Planning
  • Disaster Recovery Planning
  • Training and testing
  • Continuous improvement
  • Pandemic preparedness

MNB (DORA regulation) Readiness

Financial institutions must comply with the following information security related recommendations issued by the National Bank of Hungary (MNB) in line with the DORA regulation and RTFs:

  • MNB Recommendation 12/2020 (XI.6.) (on IT security requirements for teleworking and remote access) ensures that financial institutions provide adequately protected remote access to the institution’s internal network for employees and other persons with contractual access to it (remote users). Black Cell Compliance can develop a remote working policy for the organisation that meets the requirements of the Recommendation.
  • MNB Recommendation 1/2025 (I.13) (on information system security) aims to provide financial institutions with practical guidance on managing information security risks and opportunities. Black Cell Compliance assesses the compliance of the organisation as well as of its outsourced providers and subcontractors.
  • Recommendation 2/2025 (I.13) (on the use of community and public cloud services) provides practical guidance for financial institutions on the use of community and public cloud services. Black Cell Compliance assesses the compliance of the organisation as well as of its outsourced providers and subcontractors.