ENSI – the most experienced team of experts in Poland, which for over 20 years has been aiding organizations to successfully solve problems related to information security in all its areas, including both trade secrets and personal data, as well as computer systems.
The company was founded in March 1998, as the result of the transformation of the Instytut Bezpieczeństwa Sieciowego (IBS, Network Security Institute), which had been operating since January 1996. As the pioneers on the market, within the framework of Instytut Bezpieczeństwa Sieciowego we performed the following work:
- conducted the first ordered penetration test for the first online brokerage office in Poland – Dom Maklerski Banku Ochrony Środowiska S.A. (1996);
- organized the first in Poland international conference in the field of information and computer system security (InterSec.con 1996 r.);
- tested the Rządowa Sieć Wyborcza (Governmental Election Network) during the constitutional referendum and parliamentary election (1997).
In over 20 years of our activity we have conducted more than 100 Information Security Policy implementation projects, prepared nearly 400 organizations to fulfill the personal data protection obligations, conducted 500 different computer system security audits, organized many prestigious conferences and trained approximately 30 000 people from various organizations during special training and workshops. Our team of experts performs the role of the Data Protection Inspectors and persons supervising the protection of personal data at more than 40 subjects in Poland.
We were the first in Poland, who took care of advising on the protection of personal data, immediately after the entry into force of the Law on Personal Data Protection (30 April 1998). The experience gained in that period (over 20 years of experience) allows us to prepare efficiently every organization to fulfill the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
Activities of our company include the following areas: organizational, technical and training.
CONSULTING in the scope of:
- management of the processing of personal data - preparing companies to fulfill all the obligations arising from the provisions on the protection of personal data,
- Information security management – personal data, business secrets, stockmarket information, professional secrecy and other legally protected information,
- Supervision of the processing of personal data - performing the role of Data Protection Officers, performing the tasks associated with ensuring compliance with the provisions on personal data protection, by designating the person supervising the protection of personal data; supervision and consultations within the scope of processes of personal data processing;
- Computer system security management – business applications, LAN/WAN network, connection to Internet, cyberspace security;
- Business continuity management (BCP/BCM/DRP);
- Integration of quality and security management systems – ISO 9000 and ISO 27000-series standards,
- Improvement and development of the functioning of the company and improvement of the “culture of the protection of information” (implementation of the special programs relating to the introduction of an appropriate system of behavior of the employees aimed at the proper protection of information within the organization).
All the works are conducted on basis of the tested, original methodologies of ENSI:
- TISM (Total Information Security Management) - information security management,
- TSM-BCP (BCM) - business continuity management,
- TISM/ISMS - information quality and security management,
(ISMS in accordance with ISO 27001),
- TSM (Total Security Management) - operational risk management,
- PBDO - personal data processing procedures management.
The Information Security Policy, Business Continuity Plans and Operational Security Policy are created on the basis of the mentioned above methodologies and adapt to the needs of companies in accordance with all the legal requirements, organizational and international standards, including the ISO 27001 standard (ISMS system), ISO 17799 and recommendations of the Basel Committee.
COMPUTER SYSTEMS TESTS AND AUDITS conducted by the ENSI experts team include external and internal penetration tests, web application security tests, as well as audits of compliance of systems with legal requirements (Act on the Protection of Personal Data, Act on Accounting, Act on the Protection of Classified Information).
TRAINING AND WORKSHOPS conducted by the ENSI experts team among others concern performing the role of Data Protection Officers, performing the new tasks ensuring compliance with the provisions on personal data protection, management of personal data processing procedures, information security management (TISM), business continuity management, computer system security management, legal aspects and principles of protection of information, etc.
ENSI organizes two cyclical, prestigious expert conferences Congress of Administrators of Information Security (Kongres ABI) and TISM Congress (Kongres TISM).
Due to the knowledge and experience established on the basis of academic activity and many years of practice, the projects we have implement are highly regarded both by our clients and the specialists in the subject of security of information and of computer systems.