
CYBER SECURITY. ICT. ESG.
Unique Legal Services
LAW FIRM CTIBOR LEGAL
SERVICES

Legal services in the field of cyber security
ISMS, Best Practices, Plans
In the field of Security Incident and Event Prevention, we draft and update Information Security Management Systems (ISMS) in accordance with legal regulations, standards (Best Practices, Best Effort) and outputs from SIEM and SOAR. We design incident and event response plans and related documentation.
Incident/Events Identification, Defence, Remedy
Our consultancy includes the identification of a Security Incident or Event, including the evaluation of its severity. This is followed by appropriate defence and remedies, always in cooperation with ICT specialists and, if necessary, with the relevant supervisory authorities.
Security Incidents Reporting, Investigation Support, Evaluation
We cooperate to report Security incidents that have or may have an impact on the security of the data or information systems of the compromised entity to the supervisory authorities (CERT/CSIRT) and selected third parties. We legally support compromised entities in relevant investigations, until final completion and appropriate evaluation.
GAP Analysis, Draft, Implementation
In the context of the new Directive (EU) 2022/2555 of the European Parliament and of the Council on measures to ensure a high common level of cyber security across the Union (NIS 2) and the preparation of the new Cybersecurity Act (including implementing decrees), we provide comprehensive services, including identification of future obliged entities (so called providers of a regulated service), assessment of managerial responsibility or proposal/revision of ISMS. Based on a comprehensive GAP analysis, we propose effective solutions and assist in the preparation of organizational, operational and technical measures (internal or external SOC, etc.), including their implementation.
Risk Management, Management Policy, New Suppliers
We support obliged entities under the existing and upcoming new Cyber Security Act (following the transposition of the NIS 2 Directive) in implementing supply chain risk management (technical and organizational measures, assessing the credibility of suppliers, distinguishing between common and major suppliers, etc.). We also provide legal services to entities that are already or plan to be suppliers of obliged entities (e.g. updating contractual documentation, testing, questionnaires).
Insurance Coverage Scope, Cyber-Insurance, Consultation
We identify the existing scope of insurance coverage (liability insurance, D&O insurance for statutory bodies). We assist in the preparation of documents for arranging cyber-risk insurance (Cyber-insurance, Cyber-risk), as stand-alone or add-on insurance. We also provide consultations on the content of the insurance policy for cyber risk (policy exclusions, limits), focusing on the scope of compensation for damage caused to the insured (e.g. costs associated with disruption or interruption of operations, hacker attack, blackmail, regulatory proceedings or GDPR sanctions) and third parties (e.g. privacy, lost profits or renewal costs).
Legal Requirements Review, Registration, Review
We verify compliance with the legal requirements for registration in the catalogue of cloud computing service providers in public administration, as maintained by the Ministry of the Interior of the Czech Republic (https://www.mvcr.cz/clanek/katalog-cloud-computingu.aspx?q=Y2hudW09Mg%3d%3d)
We set up the processes necessary for such registration and provide already registered providers with continuous consultancy, including checks on the fulfilment of existing and new obligations.

ICT Law / Software
Mobile and Web Applications, Payment Arrangements, Google Play and App Store
We design and revise the existing terms of use of mobile or web applications (Apps). We place particular emphasis on payment arrangements depending on the type of application, limitations of liability and copyright protection. We support the process of publishing apps on both Google Play and App Store.
Functionality, Codes, Responsibility
Fees, Technical Requirements, Problem Solving
Service Level Agreement, Software Maintenance and Support Agreement, Operational Level Agreement, Cloud Services Agreement
SLA
For Service Level Agreements (SLAs), we focus primarily on operating speed, performance requirements, availability in terms of time and other technical parameters.
We also pay attention to defining the scope, level and quality of the services provided, such as guaranteed time availability (e.g., 24/7) or speed of service troubleshooting.
We distinguish what the supplier provides and what the customer procures, according to the nature of the service: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) or SaaS (Software as a Service). And not only for cloud solutions (Cloud Computing).
SMA
We review and propose Software Maintenance and Support Agreements (SMAs) concerning the provision of technical support and updates for an existing software product by the SW supplier. For example, we concentrate on the effective date of features such as new versions or upgrades and pricing policy in general.
OLA
Within the framework of the Operational Level Agreement (OLA), we focus, among other things, on the definition of mutual relationships between SW creators and administrators. We determine exactly which of them bears what responsibility and what services they provide, so that the customer is not harmed by this plurality of suppliers.
CSA
We deal with specific Cloud Services Agreements (CSA), whether separately or in combination with other services. In particular, we ensure the security of entrusted data, their availability and other legal aspects.
ICT Review, ICT Due Diligence, Identification of Key Risks
We carry out a complete review of existing ICT legal solutions or Due Diligence (DD) of ICT assets, systems, processes, policies and procedures, both in the case of sale or acquisition. We present a clear picture of the ICT capabilities of the subject of the transaction, including the identification of key risks in technologies or processes and their impact on the transaction itself.

Legal services in the field of ESG
Audit, implementation, definition
We carry out a comprehensive audit or revision of existing documents, policies and procedures with regard to the Corporate Sustainability Reporting Directive (CSRD), propose modifications to these documents, identify further necessary steps and support the implementation of a comprehensive solution to ESG issues, including support for the circular economy strategy. We support clients in understanding CSRD compliance, we explain the meaning and legal consequences of the terms used in CSRD.
Significance, voluntariness, disclosure
Within the European Sustainability Reporting Standards (ESRS) and in accordance with the principle of double significance, we provide opinions regarding expected obligations (reports on impacts, risks, opportunities, etc.). We communicate the difference between ESRS 1 and ESRS 2. We work together to design and implement policies and procedures that are consistent with the requirements of the ESRS 2 proposal. We clarify the meaning of the terms "disclosed", "considered for disclosure" and "may be disclosed" and help clients understand the relevant legal implications.
Choice, competition, cooperation
We legally support supply chain management of obligated parties from an ESG perspective. We address ESG with existing suppliers of obligated persons so that by voluntarily fulfilling ESG standards, they increase their competitiveness against other suppliers and at the same time ensure the continuation of existing cooperation.
Training, Financing, Transactions
We provide training in ESG related areas. We help with financing issues, focusing on sustainable financing and meeting the expectations of financing institutions in the field of ESG (LEED - Leadership in Energy and Environmental Design, BREEAM - Building Research Establishment Environmental Assessment Method, etc.). We process ESG documents for financial audits or M&A transactions.
We are a law firm specializing in cyber security, ICT and ESG.
We are creative, courageous, and persistent.
We are on the way. Together. Till the goal is reached.

UNIQUE
SOLUTION
Fulfilled goals in the field of cyber security, ICT and ESG are our motivation. Through tailor-made legal solutions, we turn problems into success. We are always bringing projects to the finish line.

INTERNATIONAL ELEMENT
We have international experience. We manage the implementation of foreign concepts. We draw the latest inspiration from abroad. We bring foreign trends and innovations. We see EU regulation of cyber security and ESG as a challenge, not a problem.

PRO-CLIENT APPROACH
We are professionals, we act helpfully and openly. We build long-term relationships based on trust, respect, and transparency. We understand ICT and ESG specialists and project managers.
News
Stay up to date. Follow news, foreign trends and other current topics from the field of cyber security, ICT and ESG.