Łukasz Krzewicki

EN Audit, Risk & Compliance Expert | C&F

A consultant and project manager with more than 20 years of experience in telecommunications, consulting, and IT. He is responsible for the GRC business line, product roadmap, and development planning at C&F. His specialties include risk management (certified CRISC), service delivery management, security management (certified CISM), software product management, SCRUM, CRM, and business process improvements.

Articles

Explore all publications and insights

Articles

Building an ISMS? Start With Your Information Security Policy

What Is an Information Security Policy? An information security policy defines what an organisation needs to protect and to what standard. It applies to everyone who handles the organisation’s…

Articles

How to Build a Business Continuity Management System That Meets ISO 22301

What Is ISO 22301? ISO 22301 defines what a business continuity management system (BCMS) needs to include. At its core, the standard calls for a business impact analysis, documented continuity plans,…

Articles

SOC Audits Explained: How SOC 1, SOC 2, and SOC 3 Compare and Which One to Choose

What Are SOC Audits? A SOC audit is an independent assessment of the internal controls at a service organisation. Its purpose is to give the organisation’s clients confidence that appropriate…

Articles

Effective Control Measures in Risk Management

What Is a Control Measure? A control measure is a specific action, procedure, or safeguard designed to limit risk and help an organisation achieve its objectives. It is not a synonym for internal…

Articles

Inherent Risk and Residual Risk. How Risk Levels Shape Organisational Decision-Making

What Is Inherent Risk? Inherent risk is the level of threat linked to an activity, process, or asset before any controls are applied. It is driven by the nature of the activity itself, not by how…

Articles

How to Build and Implement a NIS2-Compliant Incident Management Process

NIS2 Requirements for Incident Management The NIS2 Directive obliges organisations to detect incidents promptly, limit their impact, and meet strict reporting timelines. It also requires the entire…

Articles

ISO 27001 Explained: Objectives, Benefits and Challenges

In this environment, companies need structured and reliable ways to protect their data and prove resilience. ISO/IEC 27001, one of the most widely adopted international standards, provides a…

Articles

Risk and Control Self-Assessment (RCSA): Making Risk Ownership Real

What is Risk and Control Self-Assessment (RCSA)? RCSA is a structured process that allows teams across an organisation to identify risks, evaluate the controls in place, and assess their…

Articles

Internal Audit and Internal Control–How Collaboration Drives Better Risk Management

Definitions first. According to COSO, internal control is a set of processes and actions that help a company meet its goals, whether that means running efficiently, reporting accurately, or staying…

Articles

Enterprise Risk Management: from strategy to execution

From digital transformation and regulatory changes to disruptions in global supply chains, companies face ever more complex challenges that shape the reality of doing business. Volatility brings…

Łukasz Krzewicki

Łukasz Krzewicki

Explore all publications and insights

Building an ISMS? Start With Your Information Security Policy

How to Build a Business Continuity Management System That Meets ISO 22301

SOC Audits Explained: How SOC 1, SOC 2, and SOC 3 Compare and Which One to Choose

Effective Control Measures in Risk Management

Inherent Risk and Residual Risk. How Risk Levels Shape Organisational Decision-Making

How to Build and Implement a NIS2-Compliant Incident Management Process

ISO 27001 Explained: Objectives, Benefits and Challenges

Risk and Control Self-Assessment (RCSA): Making Risk Ownership Real

Internal Audit and Internal Control–How Collaboration Drives Better Risk Management

Enterprise Risk Management: from strategy to execution

Solutions

Resources

About

Contact Us