ISO 27001 — the core standard
The international benchmark for information security. 93 Annex A controls (2022 edition) covering how we protect data, people, systems, and processes.
ISO 27001 — the core standard
What every large customer, insurer, and regulator expects to see.
ISO 27001 is the international standard for running an Information Security Management System (ISMS). Certification says Dronetjek has a documented, audited, continuously improved approach to keeping information safe: not a checklist, but a working system.
Why it matters for us
- Unlocks enterprise and public sector deals in the EU that require it by default
- Lowers cyber insurance premiums and simplifies vendor security reviews
- Gives the board and customers a single, credible answer on our security posture
What's inside DICP
- All 93 Annex A controls of the 2022 edition, grouped into organizational, people, physical, and technological themes, from policies and HR to encryption and incident response
- The 7 management clauses (clauses 4 to 10: context, leadership, planning, support, operation, performance evaluation, improvement)
- A readiness percentage updated every audit run, so progress is visible to everyone
ISO 27002 — the playbook
The companion guide that tells us exactly how to implement each of the 93 controls — with the evidence auditors expect.
ISO 27002 — the playbook
Where 27001 says what, 27002 says how.
ISO 27001 Annex A lists the controls; ISO 27002 is the implementation guide that spells out, for each one, its purpose and how to put it in place. It is guidance, not a certifiable standard: the audit is still against ISO 27001 and our Statement of Applicability, but auditors read 27002 side by side with it when deciding whether a control is really in place.
What DICP does with it
- Every control comes with purpose, implementation requirements, and what evidence passes an audit
- Shows whether a control can be verified automatically or needs a documented procedure
- Keeps the guidance one click away from every finding so the team never wonders what the standard expects
The practical upside
- No more "what does this control mean" back and forth between management and the tech team
- Onboarding new staff to the compliance programme takes hours, not weeks
- Reduces reliance on external consultants during the run-up to certification
NIS 2 — EU cyber law
Directive (EU) 2022/2555, the EU's updated cybersecurity directive. Mandatory for organisations in essential and important sectors, with accountability placed directly on management.
NIS 2 — EU cyber law
Cybersecurity is now a legal duty of the board.
NIS 2 is the EU directive that turns cybersecurity from a best practice into a legal requirement for organisations in essential and important sectors. National law must allow fines of up to at least €10 million or 2% of global annual turnover, whichever is higher, for essential entities (€7 million or 1.4% for important entities), and management bodies are personally accountable for approving and overseeing the risk-management measures.
Why this hits Dronetjek
- Infrastructure services, aviation, and public sector work all touch NIS 2 scope
- Member states had to transpose it into national law by 17 October 2024; enforcement is ramping up now
- Supply chain clauses mean our customers will ask us about it even if we're borderline
How DICP covers it
- The Article 21 risk-management measures map closely onto ISO 27001 controls, so work done there counts here
- DICP flags the NIS 2 specific gaps: incident reporting deadlines (early warning within 24 hours, incident notification within 72 hours, final report within one month), supplier oversight, and management training
- One platform, one readiness number, two frameworks covered at once
Evidence on tap
187 checks pulling proof straight from our Microsoft and GitHub environments — no more chasing screenshots.
Evidence on tap — 187 automated checks
The spreadsheet-and-email evidence round is over.
Traditional ISO audits burn weeks of staff time collecting screenshots, emails, and policy references. DICP talks directly to our cloud and code environments and pulls the evidence every time an audit runs.
What gets checked automatically
- Encryption at rest and in transit across storage, databases, and key vaults
- Access controls — who has admin rights, MFA coverage, stale accounts, break-glass policy
- Patching, vulnerabilities, backups, logging, network isolation
- Source code hygiene — branch protection, secret scanning, SDLC controls
What stays manual
- Policies, training records, contracts, and similar document-based evidence
- DICP tracks what's still missing and who owns getting it done
AI remediation, in plain language
Click any failing finding and get a clear, prioritized fix plan — no jargon, no external services, nothing leaves Dronetjek.
AI remediation, in plain language
Every failing check comes with a clear explanation and a plan.
DICP uses a locally hosted AI model to translate raw findings into the language each audience needs: a board summary, a ticket for the engineering team, or a step-by-step fix guide, all generated on-site. The generated plan is a starting point; an engineer still reviews it before anything is changed in production.
What leadership gets
- Why this finding matters to the business and the audit outcome
- Estimated effort and priority, ranked by risk
- Who should own it and by when
Privacy built in
- Generation runs locally on our own hardware
- No cloud AI service, no API key, no customer data sent outside Dronetjek
- Findings describe our own unfixed weaknesses, so keeping them inside our environment is what our customers' security reviews and our supply-chain obligations under NIS 2 expect
Risk & policy library
73 ready-to-use risk scenarios and a library of policy templates. Pick, customize, approve, track renewals.
Risk & policy library
Start from industry-grade scenarios, not a blank page.
The risk register and policy set are the backbone of every audit. DICP ships pre-populated with the scenarios and templates most companies otherwise rediscover the hard way during certification.
Risk register — 73 scenarios across 16 categories
- Malware, phishing, insider threats, supplier compromise, fraud, data loss
- Privacy breaches, GDPR exposure, NIS 2 non-compliance
- Natural disasters, equipment failure, capacity constraints
- Each scenario scored twice, as inherent risk before controls and residual risk after, so the effect of the ISMS is visible
Policy & document library
- Policy templates aligned to ISO 27001 Annex A and NIS 2 articles
- Placeholders for company specifics — fill once, reuse across frameworks
- Review reminders so nothing expires quietly before an audit