Black Cell Compliance

Black Cell Compliance offers its various services in the following service areas:

  • Risk Management
  • Control Maturity and Audit Readiness
  • Outsourced Services such as Information Security Officer and Data Protection Officer
  • Critical Infrastructure Assurance


Risk management

Our risk management services include:

  • Internal and external risk assessment
  • Risk management
  • Risk treatment planning

Who do we recommend risk management?

  • Organizations subject to Ibtv.
  • Financial institutions
  • Any security-conscious organization and business

Control maturity assessment

As part of the control maturity assessment, Black Cell Compliance:

  • Conducts an audit against the desired control framework
  • Identifies non-conformities, risks and opportunities
  • Develops and supports implementation of corrective measures
  • Establishes action plans and corrective measures

Who do we recommend control maturity assessment?

  • Organizations subject to Ibtv.
  • Financial institutions
  • Any security-conscious organization and business
  • Organisations aiming to obtain ISO 27001 certification

Methodologies and requirements for the basis of control maturity assessment

  • ISO/IEC 27001:2013
  • NIST SP 800-53
  • NIST Cybersecurity Framework (CSF)
  • lbtv. and its implementing regulation
  • Information security related MNB recommendations (e.g. 4/2019, 8/2020, 12/2020)

Audit readiness

As part of audit readiness services Black Cell Compliance prepares its clients for certification or renewal audits.

The development of an ISO based management systems begins with audit preparation activities, consisting of the below phases:

  • Control maturity assessment
  • Process optimization, documentation, and control deployment
  • Management system operations (internal audit, risk management)

Critical Infrastructure Audit Assurance

In Hungary, critical infrastructures (CI) can be designated in 9 sectors under Act CLXVI of 2012 (Lrtv.) and the sectoral government decrees. The (potential) critical infrastructure operator has the following responsibilities:

Prior to designation:

  • Conducting an identification assessment and preparing an identification report

After designation:

  • Appointment of a security officer
  • Creation of an operator security plan based on risk assessment to the authority

Black Cell Compliance assures the enforcement of the above-described tasks with a high level of professionalism.

Privacy Readiness

With the General Data Protection Regulation (GDPR), businesses controlling personal data face a myriad of tasks. Black Cell Compliance team has outstanding expertise in data protection to carry out the following tasks:

  • Personal data discovery
  • Process optimization
  • Security controls implementation
  • Documentation

Outsourced services

Data Protection Officer

Black Cell Compliance provides an outsourced data protection officer (DPO) to meet the requirements of the General Data Protection Regulation (GDPR), with the focus on the following categories:

  • Public authorities
  • Medical service providers
  • Data controllers whose main activities consists of regular and systematic large-scale monitoring of data subjects
  • Data controllers whose main activities involve extensive processing of special categories of personal data or criminal data

In accordance with the provisions of the GDPR the DPO’s main tasks are:

  • To inform and advise the controller
  • To monitor compliance with the GDPR
  • To provide advice as regards the data protection impact assessment
  • To cooperate with the supervisory authority and to act as the contact point for the supervisory authority on issues relating to processing

Black Cell Compliance offers all these tasks on a fully outsourced basis

Information Security Officer

Organisations subject to Act L of 2013 (Ibtv.) are required to appoint an Information Security Officer (IBF), with the following responsibilities:

  • Protection of electronic information systems
  • Ensuring that the activities of the organisation are carried out in accordance with the information security legislation
  • Preparing the organisation’s IT security policy
  • Preparing the security classification of the organisation’s information systems
  • Determining the security classification level of the organisation
  • Reviewing the organisation’s policies and contracts in the context of the security of its information systems
  • Liaising with the authority and the national CERT
  • Informing the authorities on information security incidents

Black Cell Compliance can provide all tasks under full outsourcing. Black Cell Compliance provides outsourced Information Security Officer (IBF) services to a wide range of customers.

Information Security Awareness

More than 90% of malware, harmful code or ransomware infiltrations are caused by unaware users. Junk mail and malicious attachments carry the potential for an incident that could hinder operations for extensive periods of time. The occurrence of information security incidents can be significantly reduced by ensuring information security awareness at all levels of the organisation.

As part of information security awareness, we provide information security awareness training, with the following focus areas:

  • Information security legislation, standards, internal regulations
  • Information security threats, risks and risk-averse behaviour
  • Business continuity training
  • Incident management training

We provide specialised trainings to raise awareness on specific topics or issues such as ransomware, crypto and cloud services.

We recommend information security awareness services for:

  • Organisations maintaining an information security management system
  • Organisations subject to the GDPR
  • Financial institutions
  • Critical infrastructures

Information Security Management System (ISMS) implementation

An information security management system (ISMS) implemented in accordance with ISO/IEC 27001:2013 represents an established and constantly fine-tuned information security maturity.

As part of our services, we implement the ISMS with the following key steps:

  • Control maturity assessment
  • Process optimization
  • Security controls implementation
  • Documentation
  • Risk management
  • Internal audit and non-conformity management

As part of the project we ensure successful certification audit and subsequent renewal audits.

Ibtv. Readiness

To achieve compliance with Act L of 2013 (Ibtv.), it is necessary to secure the data processed in information systems and to protect the information systems as required by the information security authority. Black Cell Compliance supports its clients in the following areas:

  • Outsourced Information Security Officer (IBF)
  • Official communication with the national authority
  • Risk management
  • Security leveling of the organisation and security classification of its information systems
  • Identification and management of non-conformities
  • Documentation and process optimisation

Lrtv. Readiness

As per Act CLXVI of 2012 (Lrtv.) operators providing essential services to society may be designated as operators of a vital system elements. The designated organisations must also comply with the criteria set out Ibtv.

Black Cell Compliance offers the following services:

  • Preparing identification report
  • Risk management
  • Operator Security Plan (OSP) creation
  • Advice on physical, logical, and administrative information security controls

If the organisation has previously implemented the above activities, experts in Black Cell Compliance team will support the organisation in verifying the compliance of the implemented activities.

MNB Readiness

Financial institutions must comply with the following information security related recommendations issued by the National Bank of Hungary (MNB):

  • MNB Recommendation 4/2019 (IV.1.) provides practical guidance for financial institutions on the use of community and public cloud services. Black Cell Compliance assesses the compliance of the organisation as well outsourced providers and subcontractors
  • MNB Recommendation 8/2020 (22.VI) aims to provide financial institutions with practical guidance on managing information security risks and opportunities. Black Cell Compliance assesses the compliance of the organisation as well outsourced providers and subcontractors
  • MNB Recommendation 12/2020 (XI.6.) ensures financial institutions provide adequately protected remote access to the internal network of the institution for employees and other persons with contractual access to the internal network of the institution (remote users). Black Cell Compliance can develop a remote working policy for the organisation that meets the requirements of the Recommendation

Business Continuity Management

It is vital to be prepared for events disrupting business processes to enable quick response and recovery. Black Cell Compliance’s Business Continuity Management services consist of:

  • Business impact analysis
  • Business Continuity Planning
  • Disaster Recovery Planning
  • Training and testing
  • Continuous improvement
  • Pandemic preparedness