Our 4 ways for a quick entry into the high-risk provider register
Offices do not like to wait, and technology companies cannot afford contract downtime. Since September 2016 in Warsaw, we have helped 123 IT companies go through the maze of cybersecurity regulations without unnecessary stress. We check facts, not assumptions, so we know that the key to success is technical precision, not the volume of the application.
An end to fluff in technical documentation
Most applications for entry in the register are rejected for one reason: an overly general description of the system architecture. An official in the cybersecurity department is not looking for marketing, but for specific parameters. In 2024, we analyzed 47 rejected applications of our clients before they came to us. The common denominator was a lack of precision in the description of encryption key management and administrative access. Instead of writing about high standards, specific ISO standard numbers or technical parameters of the devices should be given.
Our experience shows that shortening documentation from 150 pages to 42 pages of specifics increases the chance of acceptance in the first iteration by 74.3%. We focus on 14 key control points that are always verified by the ministry. We speak plainly about difficult regulations because we know that the programmer and the official rarely use the same language. We play the role of an interpreter who ensures that every bit of data is described according to the current regulation from March 2024.
An official is not looking for promises, but for technical parameters that match the table in the act.
The magic number 19 business days
The standard administrative path in Poland provides for 30 days for a response, but in practice, due to errors in applications, this process extends to 140-160 days. At Srivakula Gov Affairs, we have developed a procedure that allows the case to be closed in 19 business days. How do we do it? We use a so-called pre-audit of documentation, which simulates an official inspection. In October 2024, a company from Wrocław, thanks to our support, obtained entry in exactly 17 days, which allowed them to start in a tender worth 3.2 million PLN.
Shortening the time is not magic, but the elimination of so-called 'ping-pong' with the office. Every request to complete deficiencies is a loss of at least 2 weeks. Our applications are complete immediately. We check not only the content, but even the correctness of qualified signatures and file formats. Since 2018, we have recorded only 3 cases where the office requested additional explanations after submitting our version of the documentation. The result is visible in the documents, not in the presentations, so we play for the client's time.
Supply chain verification in terms of KSC
The amendment to the Act on the National Cybersecurity System introduced rigorous requirements for suppliers from third countries. If your software uses components produced outside the EU, you must demonstrate this and justify their security. In 2023, we helped 22 Polish software houses verify their libraries and infrastructure providers. It often turns out that one small module from a subcontractor in Asia can block certification for the entire government system.
We check facts, not assumptions – we audit your suppliers as strictly as an office would. We create a map of capital and technical connections, which is a necessary attachment to the application for secure supplier status. For one of the Warsaw companies, we detected a risk in the supply chain 4 days before submitting the documents, which saved them from being blacklisted. Your IT, our paperwork – this is the principle that allows programmers to code and us to deal with the legality of their work.
One module from an unverified subcontractor can block your company for years.
How to talk to the Ministry of Digital Affairs?
Communication with state administration requires a specific approach. At Srivakula Gov Affairs, we do not send general inquiries. Each of our contacts with the ministry is based on a specific article number from the act. In the third quarter of 2024, we conducted 28 working consultations on behalf of our clients. Officials appreciate it when there is a partner on the other side who knows the procedures and doesn't send 500 questions about obvious things. This builds trust and accelerates the issuance of decisions.
Heads-up: Remember that from January 1, 2025, electronic form templates on the ePUAP platform will change. If you submit an application on the old template, it will be automatically rejected by the system. We already have templates ready in accordance with the new requirements. We do not wait for the last minute, because in the IT business every hour of system availability counts. Our effectiveness in this area is 96.8% of applications accepted on the first date.
