
Unique legal services in the field of ICT and cyber security
LAW FIRM CTIBOR LEGAL
SERVICES

Legal services in the field of cyber security
ISMS, Best Practices, Plans
In the field of Security Incident and Event prevention, we draft and update Information Security Management Systems (ISMS) in accordance with legal regulations, standards (Best Practices, Best Effort) and outputs from SIEM and SOAR. We design incident and event response plans and related documentation.
Incident/Events Identification, Defence, Remedy
Our consultancy includes the identification of a Security Incident or Event, including the evaluation of its severity. This is followed by appropriate defence and remedies, always in cooperation with ICT specialists and, if necessary, with the relevant supervisory authorities.
Security Incidents Reporting, Investigation Support, Evaluation
We assist in reporting Security Incidents that have or may have an impact on the security of the data or information systems of the compromised entity to the supervisory authorities (CERT/CSIRT) and selected third parties. We legally support compromised entities in relevant investigations, until final completion and appropriate evaluation.
GAP Analysis, Draft, Implementation
In the context of the new Directive (EU) 2022/2555 of the European Parliament and of the Council on measures to ensure a high common level of cyber security across the Union (NIS 2) and the preparation of the new Cybersecurity Act (including implementing decrees), we provide comprehensive services, including identification of future obliged entities (so-called providers of a regulated service), assessment of managerial responsibility and proposal or revision of ISMS. Based on a comprehensive GAP analysis, we propose effective solutions and assist in the preparation of organizational, operational and technical measures (internal or external SOC, etc.), including their implementation.
Risk Management, Management Policy, New Suppliers
We support obliged entities under the existing and upcoming new Cyber Security Act (following the transposition of the NIS 2 Directive) in implementing supply chain risk management (technical and organizational measures, assessing the credibility of suppliers, distinguishing between common and major suppliers, etc.). We also provide legal services to entities that are already or plan to be suppliers of obliged entities (e.g. updating contractual documentation, testing, questionnaires).
Insurance Coverage Scope, Cyber-Insurance, Consultation
We identify the existing scope of insurance coverage (liability insurance, D&O insurance for statutory bodies). We assist in the preparation of documents for arranging cyber-risk insurance (Cyber-insurance, Cyber-risk), as stand-alone or add-on insurance. We also provide consultations on the content of the insurance policy for cyber risk (policy exclusions, limits), focusing on the scope of compensation for damage caused to the insured (e.g. costs associated with disruption or interruption of operations, hacker attack, blackmail, regulatory proceedings or GDPR sanctions) and third parties (e.g. privacy, lost profits or renewal costs).
Legal Requirements Review, Registration, Review
We verify compliance with the legal requirements for registration in the catalogue of cloud computing service providers in public administration, as maintained by the Ministry of the Interior of the Czech Republic (https://www.mvcr.cz/clanek/katalog-cloud-computingu.aspx?q=Y2hudW09Mg%3d%3d)
We set up the processes necessary for such registration and provide already registered providers with continuous consultancy, including checks on the fulfilment of existing and new obligations.
ICT Law/Software:
Mobile and Web Applications, Payment Arrangements, Google Play and App Store
We design and revise the existing terms of use of mobile or web applications (Apps). We place particular emphasis on payment arrangements depending on the type of application, limitations of liability and copyright protection. We support the process of publishing apps on both Google Play and App Store.
Functionality, Codes, Responsibility
Fees, Technical Requirements, Problem Solving
Service Level Agreement, Software Maintenance and Support Agreement, Operational Level Agreement, Cloud Services Agreement
SLA
For Service Level Agreements (SLAs), we focus primarily on operating speed, performance requirements, availability in terms of time and other technical parameters.
We also pay attention to defining the scope, level and quality of the services provided, such as guaranteed time availability (e.g., 24/7) or speed of service troubleshooting.
We distinguish what the supplier provides and what the customer procures, according to the nature of the service: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) or SaaS (Software as a Service). And not only for cloud solutions (Cloud Computing).
SMA
We review and propose Software Maintenance and Support Agreements (SMA) concerning the provision of technical support and updates for an existing software product by the SW supplier. For example, we concentrate on the effective date of features such as new versions or upgrades and pricing policy in general.
OLA
Within the framework of the Operational Level Agreement (OLA), we focus, among other things, on the definition of mutual relationships between SW creators and administrators. We determine exactly which of them bears what responsibility and what services they provide, so that the customer is not harmed by this plurality of suppliers.
CSA
We deal with specific Cloud Services Agreements (CSA), whether separately or in combination with other services. In particular, we ensure the security of entrusted data, their availability and other legal aspects.
ICT Review, ICT Due Diligence, Identification of Key Risks
We carry out a complete review of existing ICT legal solutions or Due Diligence (DD) of ICT assets, systems, processes, policies and procedures, both in the case of sale or acquisition. We present a clear picture of the ICT capabilities of the subject of the transaction, including the identification of key risks in technologies or processes and their impact on the transaction itself.

We are a law firm specializing in ICT.
We are creative, courageous, and persistent.
We are on the way. Together. Till the goal is reached.

UNIQUE SOLUTIONS
Fulfilled goals in the field of ICT are our motivation. Through tailor-made legal solutions, we turn problems into success. We always bring projects to the finish line.

INTERNATIONAL
We have international experience.
We manage the implementation of foreign ICT concepts. We draw the latest inspiration from abroad. We bring foreign trends and innovations.

PRO-CLIENT APPROACH
We are professionals, we act helpfully and openly. We build long-term relationships based on trust, respect, and transparency. We understand ICT specialists and project managers.







