Understanding the EU Electronic Evidence Package | Interview with Cristos Velasco
Welcome to Secure and Simple podcast. In this podcast, we demystify cybersecurity governance compliance with various standards and regulations and other topics that are of interest for consultants, and other cybersecurity professionals. Hello. I'm Dejan Kosutic, and I'm the host of Secure and Simple podcast. Today, we have a very interesting guest.
Dejan Kosutic:His name is Cristos Velasco, and he's an independent consultant and associate professor in the fields of cyber law, cybercrime, cybersecurity, data privacy, artificial intelligence, and he's the author of five books on all of these topics. He has amongst others very interesting clients like United Nations Office on Drugs and Crime, Interpol Council of Europe, OECD. So in today's podcast you'll learn more about this legal aspect of cybersecurity and in particular best practices on how to preserve electronic evidence. Welcome to the show, Christos.
Cristos Velasco:Thank you, Dejan. Thanks for hosting me in your show.
Dejan Kosutic:So how did you actually become a consultant? What triggered you really to go
Cristos Velasco:in Well, has been quite a long path. I started out doing consultancy mostly for a boutique firm in Mexico City specializing in information technology trade law. And then through that path, it actually led me to just go into different directions, exploring different areas of cyber law, cyberspace regulation, data privacy, cybersecurity, and much more, well, more specifically focused on cybercrime and electronic evidence. So this has been quite a long field. And since then, I've been focused for the last twenty years in this specific area, mostly cybercrime, AI and preservation of electronic evidence as it relates and the needs that are actually needed for criminal justice authorities and law enforcement authorities responsible for these tasks.
Dejan Kosutic:Okay, and how come you didn't really go fully into the, let's say academic world or let's say fully to working for government agency, I mean, why working as, let's say, independent consultants where there is no guarantee, right, that you will have enough work to do. So why going into
Cristos Velasco:the Well, this is, I think, find it like a very interesting mix, know. Ever since I left Mexico, well, I was very much involved in the academic field. So this is an area I could actually not live without. And I'm still doing it today. And I work as an associate professor at the Hallebein Mannheim in And to be honest, you know, well, just teaching and being with the students and be part of the academic world, it's also very satisfying and fulfilling for me.
Dejan Kosutic:Okay, good. So let's speak a little bit about this world of electronic evidence. So in short, very short, a couple of short sentences, how would you summarize what really electronic evidence is and why is this really important for cybersecurity?
Cristos Velasco:Yes, excellent. Well, I mean, I mean, as it is the case in most definitions from coming from cybersecurity and cyber crime, there is no other standard, quite like definition of electronic evidence. But this actually means, you know, the way that law enforcement authorities might actually seek, you know, and grasp the collection of evidence that might be useful for a criminal investigation. Have to remember today, Dayan, that most of the evidence that law enforcement authorities need are contained in digital devices. Everything that has to do with our laptops, our smartphones, and everything that is actually kept and preserved in the store and stored by service providers, telecommunication service providers.
Cristos Velasco:And this is a fact, I mean we're based in Europe and the European Commission has mentioned and there's a statistic out there that mentions that almost 60, more than 60% of the electronic evidence that is stored and that is needed by these criminal justice authorities is kept in the hands of global service providers. So that's why it's so useful today to have that evidence that is actually divided into three different categories. It could be subscriber information, traffic data and content data.
Dejan Kosutic:And you mentioned these global service providers, so you mean companies like Google or Microsoft or
Cristos Velasco:some other Yes, well global service providers all like most of that we know them, the top five like Microsoft, Amazon, Meta, Twitter, and all these different sub companies are part of those companies like WhatsApp. And we have to remember today that now we have crypto. And much of the evidence that is also actually going through and that is actually in the needs law enforcement authorities is in the possession of crypto exchanges. So that's another area that's actually growing and it's actually having a lot of relevance today. And it's becoming much more complex because you know, we talked about like the preservation of the blockchain and the evidence, well we can go into more technical details, but it's also part of the evidence that is needed for criminal investigation.
Dejan Kosutic:So without diving into, let's say, into depth of technology, is really this blockchain technology a good, let's say, way to preserve evidence?
Cristos Velasco:I think, well, technically speaking, yes, it's a good way to preserve it. To have a grasp of that evidence, that's where the challenge is actually happening these days. Of the law enforcement authorities today are actually trying to get sufficient training, sufficient cooperation from all these different blockchain intelligence companies so that they could actually provide some help and guidance to make them reserve and have access to that evidence. This is challenging. It's not a new area.
Cristos Velasco:It's an American area, but it's highly needed. And we are, in highly need of experts and expertise from not only from the government, also from the private sector that could actually lead and could help and support law enforcement authorities to make a better of the preservation of this type of evidence.
Dejan Kosutic:So if I understood well, one of the biggest problems that, let's say, this part of the industry is facing is lack of experts, lack of knowledge.
Cristos Velasco:Well, you could say one part is that. The second, I mean, this is an ongoing field. It's growing and it's growing and there are some techniques, especially in crypto, which is becoming very specialized and highly technically, technically, yeah, specialized. I mean, it's really hard to catch up with the new and latest developments, you know, what law enforcement authorities learned like three or six months ago, it's no longer useful. It's changing, it's an evolving field.
Cristos Velasco:However, it's also important, you know, that these law enforcement authorities and experts, specifically experts that have an interest in this field, that they keep at least, you know, the basic ideas on how to keep track of this evidence that is going through the different blockchains.
Dejan Kosutic:This is what is changing, okay, understand that technology is changing on one hand, but is it also changing, I mean this need for change also comes from the changing legislation or why are the things so
Cristos Velasco:Well, that's an interesting question. And this is an area that I am actually, I would like to go a little bit further. I'm a lawyer specializing in this field. Legislation, I mean, well, Europe, well, we have now the EU electronic evidence package, which was published in August of twenty twenty three and it will be enforced in 2026 next year. Essentially this package, which consists of a regulation and a directive, will allow law enforcement authorities to have access to electronic evidence, especially traffic data and content data hosted by an internet service provider even when the service provider is not specifically located in the European Union.
Cristos Velasco:So in that sense, well, this regulation provides specific rules, timeframes and ways to preserve that evidence directly or to request this evidence directly from service providers located in different jurisdictions. So that's one part, that's one European legislation, but we have to remember that we this is an international topic. And on this area, well there's already a binding treaty that provides some basic and essential rules on the preservation of electronic evidence, which is the Budapest Cyber Crime Convention. And most recently, the second additional protocol, which is still pending to be enforced. It still requires the ratification of five member states to enter into force.
Cristos Velasco:But, essentially this new second additional protocol will provide like more global and specific rules for member states that are part of the Budapest Convention to request, you know, the preservation of electronic evidence from global service providers as well as, you know, domain name registrars. This is instrument. There's another upcoming instrument which is the UN Treaty, well the UN Convention on Cybercrime, which also contains specific rules on the preservation evidence in real time and also international cooperation measures which also very much combine all these different rules on the preservation of electronic evidence when one country needs that evidence that is stored in a jurisdiction outside of its reach, as to say. So this is in a nutshell, I mean these three main upcoming instruments that will be shortly coming to force and that will provide the specific rules for the preservation of electronic evidence.
Dejan Kosutic:So very dynamic. So on this EU package, what companies actually have to do to prepare for this EU package? Mentioned the 2026 EU package.
Cristos Velasco:Yes, it will enter into force in August of twenty twenty six. Well, as you know, most of these regulations and directors usually give like a timeframe so that the member states could actually have enough time to transpose it or to implement it at the national level. So essentially August '20, '2 thousand and '6 will be the So in that sense, what now, well, some experts need to be prepared for, especially law enforcement authorities, this will be a game changer in a way that now, you know, law enforcement authorities could request the preservation of electronic data, specifically subscriber information and traffic data within ten days from the service provider. We have to remember that before with the current rules, usually the timeframe under the European investigation order, there was a deadline of one hundred and twenty days, which was sort of like the general time frame. But this is just talking about the countries that are part of the European Union.
Cristos Velasco:But think about like a country where the evidence or the service provider might reside, think about US, perhaps Brazil or any other country outside of the EU, well that will take much longer. And in that sense, well the common instrument that is actually used by these law enforcement authorities is the mutual legal assistance request. Which is well, it's an old instrument. It's still legally binding. But it takes in general, at least in Europe 10 Months get the preservation of this evidence because it has to go through different channels, no?
Cristos Velasco:From the criminal justice authority to the Ministry of Foreign Affairs and goes on and goes on. So now with this new regulation, we will have an improvement in a way that the timeframes will be shortened.
Dejan Kosutic:Much shorter. Okay, so how companies need to prepare for these short timeframes and for these new requirements?
Cristos Velasco:Well, perhaps this is just, if you are an advisor, specifically of internet service providers, well you have to think that if this is an internet service provider that does not specifically reside in Europe, well you have to think that they will have to come up with some requirements like you know having and appoint a legal representative if that service provider is not specifically located in Europe. They need to appoint a legal representative. Also another important thing that they need to do is that if they don't have an office or a presence in the European Union, they might probably have to appoint that. I mean there's the possibility under the directive to appoint a legal representative or, you know, a subsidiary or an office, according to whatever needs. The thing here is that we had these problems before, you know, especially with global service providers that they don't want to be, you know, governed by the rules even though they are have or they were actually targeting European consumers.
Cristos Velasco:And that is changing and this is now not an excuse. They will have to appoint a legal representative or a legal office.
Dejan Kosutic:Understood. Okay, so if I understood well, this is similar to GDPR because in GDPR also there are requirements to appoint this legal representative that is within you, right? Okay, but what about the companies that are based in Europe? What will change for them? What are the biggest changes they will have to do because of this EU package?
Dejan Kosutic:Well,
Cristos Velasco:it does, essentially, well, they will have to comply with all these rules, with the different timeframes, with the different appointments. And also what's interesting, Diane, is like under this new package, now there will be a new net database that will be created by the European Commission with the support of the European Member States. Through this tool they will be able to actually exchange information on a confidential basis. And this is very relevant because before we didn't have that. I mean we had like some spread databases out there but there were not like, you know, really well coordinated or harmonized.
Cristos Velasco:And that's another thing, you know, some member states will have to prepare on how to, you know, provide specific interaction and harmonization on how to comply with the use of this database that is going to be used to preserve this evidence.
Dejan Kosutic:And from your experience, are most of the companies already compliant and they just have to add a little bit more because of this new EU package or are most companies very much not prepared and they will have to do most of the things from the very beginning?
Cristos Velasco:Well, that's an excellent question, Dejan. And actually, well, if you read the CERES 2,000 report from EuroJose, there's an interesting finding there that it mentioned that only 4% of companies dealing with, you know, provision of hosting services are sufficiently compliant with the upcoming rules of the EU. Wow. So that perhaps will give you sort of like you know, an example of how important now is to take, well, seriously this legislation.
Dejan Kosutic:Yeah, it's very interesting, yeah, definitely. Especially for aspiring consultants who would like to go into this area. Okay, now let's switch back to this electronic evidence. There is also this concept of digital forensics. How would you actually explain the difference between electronic or preservation of evidence and digital Yes.
Cristos Velasco:Well, essentially digital forensics is more like this area that goes into researching actually so that law enforcement authorities could have access to specific information that is contained in a computer system, in a digital device. And this is usually assisted through the use of technologies that are normally licensed by major digital forensic companies. So that's in a nutshell what digital forensics is. Well, digital forensics also involves different steps which includes first of all the initiation, the preservation and the presentation of that evidence so that it could be actually legally binding in a court of law. This is an area that is also very interesting specifically for police and public prosecutors that want to have access or want to size evidence or equipment as part of a criminal investigation.
Cristos Velasco:We have to think that when they search a premise, an office or a house, they come across a number of physical devices. Laptops, computers, memories, RAM memories, whatever you call it. And that, those devices are very relevant because this is where, many or most of the devices are needed to preserve things that, you know, criminal justice authorities need to prove that a crime was committed. Whereas when we talked about preservation of electronic evidence, it's essentially you know a provisional measure that a law enforcement authority, whether it's an investigative judge, a public prosecutor, requests to a telecommunications service provider, a global service provider, essentially to freeze the information that they have in their servers. So by the time that they get a search warrant, this evidence is preserved and won't disappear or won't fade away immediately.
Cristos Velasco:Because that's you know one of the things that happens you know this digital evidence is so volatile. It just it could disappear within a matter of minutes, hours. So that's why it's so important, you know, this preservation things that are actually regulated in the Budapest Cyber Crime Convention, in the upcoming UN Convention on Cybercrime and the EU package. So essentially those are the main differences between digital forensics and preservation of evidence.
Dejan Kosutic:So, and from the company point of view, is this preservation of electronic evidence only important because of this illegal side or is there any other aspects that are, let's say, important for companies? Well,
Cristos Velasco:this is an interesting thing because if you take a look at the big picture, we are going through some complexities, specifically here in Europe. We have also legislation on, well not only on preservation of electronic evidence but also legislation on data retention. And we have to remember, Dayan, that there was a court judgment from the European Court of Justice of the European Union that actually ruled that this, you know, that data retention directive was considered to be go beyond further the fundamental rights and it was actually invalidated. So in theory, this data retention directive should no longer be applicable across the EU. However, there are some countries that are still applying it.
Cristos Velasco:Like for instance Spain. And there are some other countries that struck down or took into consideration this resolution from the Court of Justice of the EU, but in practice they are still using it. And there's also some inconsistencies on the terminology of what might be understood as data retention and data preservation. This is something that I have also noticed when I go to all these different forums, these seminars, that there's this, you know, I mean, there's no clear, you know, there's not a clear distinction between both, between those two concepts.
Dejan Kosutic:Now, when it comes to, preservation of electronic evidence, is it, you know, enough to use some kind of a tool within company just to resolve this or is this something much more than using certain technical tools?
Cristos Velasco:Well, it's actually well, if you were talking about preservation of electronic evidence, it's essentially about making use of, well if it's a law enforcement authority, they will have to go through the right channels, either through the website of the company so that if it's Meta, if it's Microsoft, they have their own websites where they actually require the law enforcement authorities to fill up different formulas and fulfill different requirements so that they could go on and say well yes, we are in a position to preserve that evidence. But sometimes, many of those websites or the information that is not provided is not sufficiently enough for the service providers. And this is another area in data that some law enforcement authorities and criminal justice authorities are facing. They're facing some troubles on the way that they believe that they have fulfilled all the information so that this evidence could be preserved. But some of those companies still deny or might deny on specific, you know, things that, they did not fulfill.
Cristos Velasco:And especially if it's an American service provider, they will have to prove a number of things so that the service provider have to or preserve that evidence. And that will include whether this is an emergency situation. And also under the American system they will have to provide this digital evidence that is actually sufficiently needed so that it could be preserved. So the standards of you know, of preserving the evidence actually vary between Europe and US. And this is also some complexities that for instance, consultants should take into consideration whenever they are advising service providers or law enforcement or criminal justice authorities.
Dejan Kosutic:Okay, on the company side, if the company does receive this, let's say, order to or request to preserve electronic evidence, is it enough to simply use some kind of technology to do it or is there more to it? Is there some kind of organizational process that is needed for this to happen?
Cristos Velasco:Well, I mean, when it comes to the technology, I mean, there's, I mean, I have already made this distinction about the different types of data, subscriber data, traffic data, content data. And the more sensitive the data is, the more requirements are needed. And they will have to actually go through all these different, you know, mutual legal assistance procedures, it's, you know, content Specific information about photographs, videos. But also traffic data. Some countries still require that this is approved either a judge, an investigative judge, or at least you know a public prosecutor.
Cristos Velasco:But, so essentially it varies from you know country to country and jurisdiction to jurisdiction. And the trick here is you have to be aware of all these different laws and regulations that regulate all the preservation of electronic evidence.
Dejan Kosutic:From a technical point of view, probably it's important to preserve metadata, timestamps, digital signatures, these kind of things. Is there anything else from a technical point that usually needs to be preserved?
Cristos Velasco:Well, another thing that might sound so simple is, for instance, IP addresses. We have to remember that most of those IP addresses are very useful and very practical for law enforcement authorities to know the whereabouts of a suspect, a criminal. And based on that, this information is also very useful. So that's one thing. IP addresses.
Cristos Velasco:But also, well, you mentioned clearly timestamps. Timestamps is another area or another information that might actually be needed. So, so yeah, I mean, it's just, depending but you have to be very aware on the sensitivity of the data. As I mentioned before, the more sensitive the data, the more requirements are needed for criminal justice authorities to have a grasp or to request and freeze the preservation of that evidence.
Dejan Kosutic:And are there some special rules on how these preserved evidence needs to be protected? So are there some special cybersecurity controls that need to be applied to this preserved?
Cristos Velasco:Well, not necessarily. I mean, well, I mean, think about like this data is mostly in the hands of private sector. So depending on the way that it's actually fulfilled, requested, and whether it's an emergency situation. An emergency situation is actually also defined in the new upcoming package of the EU electronic package and also the second additional product. An emergency situation might be a situation where the imminent life of a person, of an individual is in danger.
Cristos Velasco:Think of an example, if this is a situation of someone who might be in danger of being kidnapped or someone who is in danger of being sexually abused by a pedophile. This might actually be considered an emergency situation and in that case, and especially under specific rules, especially the second additional protocol, the EU package, there are some exceptions as to how this might be preserved. It could be directly requested to the service provider and the service provider might have to actually provide that information. But obviously the standard of proof, they will have to prove that this an emergency.
Dejan Kosutic:Okay, okay. And there is also this concept of a chain of custody. So how is this really related to this preservation?
Cristos Velasco:Oh, that's an interesting question. Well, the chain of custody is essentially this legal procedure that provides all the different steps on how, you know, any type of evidence and not even, you know, digital evidence or electronic should be preserved. And this is, you know, for instance, is very mostly used in different prime areas, you know, the chain of custody. But well, there's also chain of custody in the electronic world and that will have to fulfill all these different steps that law enforcement will have to follow and then will have to present that, you know, in a court of law to be sufficiently admissible so as to prove that this evidence was legally obtained and collected and without infringing any individual rights, no, for instance.
Dejan Kosutic:And this, let's say evidence needs to be presented from the company itself or from the legal or from let's say the government or any other agency that is
Cristos Velasco:presented It's usually mostly government agencies, Government related agencies, the ones that actually should comply with this change of custody. However, this is also an area that is very important for consultants and private companies because if that part of that evidence was not well or sufficiently preserved following all these different criteria and steps, this might be considered, non binding or could be considered, not legal. And here is for instance where, some consultants might actually have an interest in making sure that that evidence that was presented by a police or a public prosecutor sufficiently fulfills all these different steps to be considered legal.
Dejan Kosutic:And could this also be, let's say, this preservation of evidence, could it also be helpful for companies not only in cases when the government actually asks them to present this evidence but also when they actually pursue some lawsuit towards a third party where they basically litigate and ask for some damage to be repaid. So is this also a kind of a use case where this electronic evidence is?
Cristos Velasco:Oh yeah, this is an interesting question because this is an area that very much intersects not only with criminal law but, you know, civil law or liability law. So for instance if someone is searching or trying to prove a case of defamation, they will have to actually also make use of this change of custody to prove all these different steps on how that evidence was actually showed, proved and presented in a court of law. So yeah, definitely it's also an area that intersects with other different areas of law, including civil law, administrative law.
Dejan Kosutic:So if I understood well, basically the companies will have to comply with these rules on preserving digital evidence because of the government requests, but there is also one beneficial outcome of this and this is that they will be able to prepare this evidence if they actually have to sue someone else according to civil law, right?
Cristos Velasco:Yes, and this is also another complex area in a way that when this evidence or this change of evidence is presented in an area different to criminal law. Then there's you know some criteria and the criteria to read this or to admit this type of evidence in a court of law whether it's civil, family or even, you know, administrative law vary from country to country. I mean, there's no silver bullet, you know, and this is also quite challenging.
Dejan Kosutic:Yeah, and by the way, how do companies handle this complexity from the legal point of view? Mean, is, you mentioned at the beginning, these three, let's say, types of legislation that are becoming relevant in this area Especially out of Europe there are many other legislations that are probably different. How does an international company that is present in many countries, how do they manage this kind of extreme complexity?
Cristos Velasco:Well, first of all, if you are not an expert on OVO, you have to refer to, you know, consult an expert who actually provides sufficient, you know, findings on the special needs that the company is needed. Because we have to remember that we are not experts in all different areas. So that's one step, you know, to get like legal counsel. Also the other thing, if this is something to do with compliance, because well, think about like for instance this digital evidence package might also have some interaction with the Digital Services Act, which is this new legislation that actually imposes a number of litigations for telecommunication companies, service providers, search engines, etcetera, etcetera, to actually make sure that the traffic that going through the networks is not illegal. And they will have to actually report if they found illegal situations or traffic coming from a specific you know, domain name or even IP address, they will have to report to the law enforcement authorities.
Cristos Velasco:And although this Digital Services Act does not specifically go into detail on how to preserve evidence, it's very much well connected to this EU service package in a way that will have to coexist with those specific rules and the rules that are contained in the Digital Services Act.
Dejan Kosutic:Okay, good. Let's discuss a little bit your business. So if I understood well, you are consulting companies around these, let's say, preservation of digital electronic evidence, but also some other things. So is your primary business really in consulting or training? Where do you see the biggest, let's say, market opportunity?
Cristos Velasco:Well, it's actually both, Eyen. I mean, part of what I do, part of the core of activities that I do is actually to make sure or to advise countries on how to implement international legal frameworks for instance in cybercrime, electronic evidence and much more recently on artificial intelligence and data privacy. But also part of these rules have this level of complexity that they do require specific tailored training to not only the law enforcement authorities but also to companies and the staff of those companies. Also to help them and to guide them to make them or to help them comply with the complexities and the practicalities on how these rules are enforced in each country.
Dejan Kosutic:So it's very similar, I would say, to other, let's say, consultants that I speak to. They usually do provide this consulting but also training service, which is usually comes hand in hand and and which is usually our best combination of of both of these things. And yeah. So if I may ask, how do you get such big and good clients? I mean, having OECD or Council of Europe as a client, I mean, how do you get these clients?
Cristos Velasco:Well, it's essentially, well, it's a difficult question but it has just gone through the time. Know, part of like, you know, the commitment of a consultant and also of an academic is to keep yourself very much in shape. You know, publishing, getting in touch with, you know, the real network, be there, you know, try to grow your network and also explore further consulting opportunities opportunities and just keep going and going. Because also a part of the consultancy is you learn a lot from the things that you do in specific projects. But these projects also have a specific time limit and you have to focus on other things.
Cristos Velasco:And part of that is also to keep abreast on the new upcoming threats, you know, tendencies. And in my, well, specifically in my area, the upcoming regulations, which are quite a lot, quite a lot of regulations that many experts and companies and law enforcement authorities have to catch up. And this is not an easy task. This is an area where I try to actually fulfill, well, an existing gap.
Dejan Kosutic:And does your academic career help you with this catching up and being actually in front of maybe other competitors in this
Cristos Velasco:Oh yes, definitely. It's compatible in a way that, well, it helps me well to stay not only connected but also because part of this academic world, you have to catch up with all these different laws, regulations and the way that are implemented on a practical level. And if you miss a bit of part of that, you are gone man. It's part of the deal, of being there.
Dejan Kosutic:Yeah, so it's a good kind of mixture between and actually supports your main income business. Right? I mean, this academic one supports the the the business. Okay. Great.
Dejan Kosutic:So if just for the end, the last question. You know, if you could, let's say, suggest to potential consultants who would go into this area, what would you suggest? What are the most important things to keep in mind?
Cristos Velasco:Well, of all, know your audience, know your public. And specifically if there's a specific client that has specific needs, well just try to be very proactive in the way that you provide all these consulting services and the specific needs that they might have. Also well, and this is complex in a way that, well, we know that in some company there are like in any other area, there are, you know, bureaucracies. You know, there are, you know, that have to take the decisions in order to, you know, to go ahead with a project, with a specific aspect of what they might need. But my advice is be there, try to be persistent and try to convince all these you know, decision makers, whether it's a decision maker or a director or, you know, or a specific high level staff member of an international organization or regional organization who's responsible for implementing specific projects or taking specific decisions that might be in their own, in their best interest.
Dejan Kosutic:Yeah, great. Okay, so I think this sums up very nicely on the most important topics that we discussed today. So thank you for these insights, Cristos. It's been a pleasure talking to
Cristos Velasco:Thanks to you, Dejan. My pleasure.
Dejan Kosutic:Great. It was great having you today. So thanks everyone for listening or watching this podcast and see you again in two weeks time in our new episode of Secure and Simple podcast. Thanks for making it this far in today's episode of secure and simple podcast. Here's some useful info for consultants and other professionals who do cybersecurity governance and compliance for a living.
Dejan Kosutic:On Advisera website, you can check out various tools that can help your business. For example, Conformio software enables you to streamline and scale ISO 27,001 implementation and maintenance for your clients. The white label documentation toolkits for NIS2, DORA, ISO 27,001 and other ISO standards enable you to create all the required documents for your clients. Accredited Lead auditor and Lead implementer courses for various standards and frameworks enable you to show your expertise to potential clients. And a learning management system called Company Training Academy with numerous videos for NIS2, Dora, ISO 27,001 and other frameworks enable you to organize training and awareness programs for your clients workforce.
Dejan Kosutic:Check out the links in the description below for more information. If you like this podcast, please give it a thumbs up, it helps us with better ranking and I would also appreciate if you share it with your colleagues. That's it for today, stay safe!
