Andrzej Dudek | Governance • Risk • Compliance • Industrial Cybersecurity

Professional Profile

Connecting standards, processes, and operational practice.

Integrated GRC and Quality Approach

I support Governance, Risk & Compliance processes by aligning ISO/IEC 27001, TISAX, IATF 16949, and VDA 6.3 requirements with the realities of production environments, including IT and OT.

My focus is on the practical implementation of standards, ensuring that information security and compliance become an integral part of the organizational structure rather than just an audit-driven project.

0 years of experience

Competency Areas

Click to see details

Governance, Risk, Compliance

ISO/IEC 27001

TISAX

OT Security

Automation

GRC

I deliver measurable business value through increased process transparency, tighter control over critical operations, and accelerated, informed risk mitigation.

Systemic Approach

Security as part of organizational architecture.

I combine quality, technical, and regulatory perspectives, creating solutions that support business decisions and operational stability.

With experience in highly regulated production environments, I focus on pragmatic, scalable solutions compliant with the automotive industry.

I treat security as an element of management systems, not just a control layer.

About this site

A brief description of the platform

A platform dedicated to cyber resilience, GRC, and information security management in industrial environments. Focused on practical implementation of ISMS, TISAX, and risk management in IT and OT, combining technical, process, and business perspectives.

All content on this website reflects my personal perspective and does not represent the views of any organization I am connected with.

Articles & Analysis

A practical look at GRC and industrial cybersecurity.

ISO

ISO/IEC 27001 in Production Environment

Is ISO/IEC 27001 treated as just a documentation project in companies?

TISAX

TISAX – From Documentation to Readiness

How to prepare an organization for assessment without operational disruption.

Cyber Resilience in OT

Weather station — can it be hacked?

GRC

GRC – Governance, Risk & Compliance in Practice

A comprehensive introduction to the GRC model, its role in organizations, and integration with business processes.

Privacy Policy

Last updated: 01.03.2026

The data controller is Andrzej Dudek, owner of this website.

1. Scope of Collected Data

The site may collect the following data:

Information voluntarily submitted by users in the contact form (e.g., name, email).
Technical data about site usage, e.g., IP address, browser type, date and time of visit.
Information from cookies if accepted by the user.

2. Purpose of Data Processing

Personal data is processed for the following purposes:

Responding to inquiries submitted via contact form.
Ensuring proper functioning of the website.
Traffic analysis and service improvement.

3. Legal Basis for Processing

The legal basis for processing personal data is:

Art. 6(1)(a) GDPR – user consent (e.g., when submitting a form).
Art. 6(1)(f) GDPR – legitimate interest of the administrator (e.g., website security).

4. Data Sharing

Personal data is not shared with third parties unless:

The user consents.
Required by law.
Necessary for hosting or technical support services.

5. Data Retention

Data is stored only as long as necessary to achieve the purposes described above.

6. User Rights

Users have the right to:

Access their personal data.
Rectify data.
Request deletion (“right to be forgotten”).
Restrict processing.
Data portability.
Withdraw consent at any time (without affecting lawfulness of prior processing).
File a complaint with the supervisory authority.

7. Cookies

The site may use cookies to improve functionality and analyze statistics.

8. Data Security

Appropriate technical and organizational measures are applied to protect personal data.

9. Contact

For personal data inquiries, contact: andrzej.dudek@securehavenet.ovh

SecureHaveNET

Governance • Risk • Compliance • Industrial Cybersecurity