keystone services kft.
IT and security technology solutions
Comprehensive IT and security technology solutions: from the design and operation of networks and Microsoft-based systems, through cybersecurity audits, NIS2 compliance preparation and human security risk analysis, to conference protection, event security and building engineering implementation.
10+ years of experience
Security at every level
Our solutions range from network development and data protection audits to camera systems, access control systems and event security, all the way to NIS2 compliance. Our goal is to provide our clients with a stable, transparent and protected operational environment where they can confidently focus on their business objectives.
Our key services
Cybersecurity Auditing
With our cybersecurity audits and NIS2 preparation, we identify risks, strengthen information security and ensure regulatory compliance.
LVA-based Voice Analysis Profiling
The LVA voice analysis software uses voice-based examination to help identify employee risks, supporting safe and reliable workforce selection.
NIS2 Compliance Preparation for Accreditation
With our NIS2 preparation services, we help companies meet strict EU cybersecurity requirements, identify gaps, and ensure compliance during independent audits.
OSINT Defend
OSINT refers to the lawful and ethical processing of open-source data. It serves as a valuable intelligence tool but is subject to strict legal and data protection limitations.
Social engineering
Social engineering exploits human trust to create cybersecurity risks, posing a significant threat especially to small and medium-sized enterprises (SMEs).
Detailed comparison of ISO 27001 and NIS2 audits
Fundamental difference
ISO 27001:
- Legal basis: Voluntary or business need (e.g. certification)
- Purpose: Certification of an Information Security Management System (ISMS)
- Mandatory? Not mandatory, but strongly recommended
- End result? Issues a certificate (typically valid for 3 years)
NIS2:
- Legal basis: EU-wide mandatory regulation (EU Directive 2022/2555)
- Purpose: Ensuring cybersecurity compliance in specified sectors
- Mandatory? Mandatory for affected sectors
- End result? No certificate; a compliance report is required
Audit focus
ISO 27001:
- Focus: ISMS, risk management, documented controls
- Control basis: Annex A (93 controls – based on ISO 27002)
- Level of detail: Thoroughly documented, standardised
NIS2:
- Focus: Cybersecurity risks, legal compliance, incident handling
- Control basis: Legal requirements, e.g. risk assessment, response
- Level of detail: NIS2 requirements allow broader interpretation
Preparation and audit process
ISO 27001:
1. Initial contact, quotation
2. Gap analysis (based on ISO 27001 requirements)
3. Establishing or improving the ISMS
4. Documentation (policies, procedures, risk analysis, etc.)
5. Internal audit
6. Management review
7. Certification audit (Stage 1: document audit; Stage 2: operational audit)
8. Certificate issuance
NIS2:
1. Initial contact, verification of sector classification
2. NIS2 gap analysis (existing measures vs. NIS2 requirements)
3. Development of risk management procedures
4. Incident handling processes and reporting obligations
5. Implementation of security policies, logging, and access management
6. Internal audit (where applied)
7. Reporting to the supervisory authority (e.g. NAIH, SZTFH)
Possible combination
- ISO 27001 covers most NIS2 expectations (e.g. incident handling, risk management, documentation)
- Risk management and documentation provide a strong foundation
- Needs supplementing with specific elements (e.g. reporting obligations)
- Supervisory cooperation, sector-specific requirements
Summary
ISO 27001:
- Certification: Yes
- International / EU: International standard
- Legally required: Not for everyone
- Focus: Complete information security system
NIS2:
- Certification: None; compliance expectations only
- International / EU: EU legal directive
- Legally required: Only for affected organisations
- Focus: Cybersecurity compliance
Our professional pillars
Security and expertise
Our solutions have been designed by experienced experts to ensure our clients always receive the highest level of protection.
Innovative IT protection
Our technology-oriented, modern systems guarantee reliability and long-term security in the digital space and beyond.
Discreet solutions
Our services provide discreet yet comprehensive protection, supporting our clients’ business processes and sustainable growth.