Case Studies
Hospital
Full-On Cybersecurity and Compliance Program
Challenge
The hospital was undergoing various digitalization projects and needed to improve its data governance framework to maintain good control of the transformation plan.
We had to make sure patient data was properly secured, operational teams had proper security processes, and regulatory requirements, especially the Vietnamese PDPL, were met. All of this needed to be implemented while ensuring the continuity of medical operations.
Step 1: Initial Cyber & Compliance Audit
A complete assessment covering:
- Policies & procedures, DRP/BCP
- Data protection and privacy practices
- Access control, network diagrams, and IT inventory
- Risk reports, incident processes, and industry-specific requirements
Step 2: Roadmap & Governance Setup
- SOC implementation
- VAPT and vulnerability management
- PDPL readiness
- Awareness program
- Risk management and CMDB setup
Step 3: Running the Cybersecurity Program
We now act as CISO for the hospital, coordinating with the CEO, COO, CFO, Chief Legal Officer and Risk Director.
Our work includes:
- Weekly reporting to the board
- Prioritization of actions
- Incident handling
- Training programs
- Continuous improvement and monitoring
EV Charging Infrastructure Case Study
NIS2 Compliance Roadmap
Challenge
The client was deploying a large-scale electric vehicle charging infrastructure—combining IT, OT, cloud, field devices, and sensitive operational data.
To ensure safe national rollout, the company needed:
- A cybersecurity operating model aligned with NIS2, ISO 27001, and EU best practices
- A unified governance framework connecting IT, OT, and business operations
- Consistent security processes across subsidiaries and partners
- Clear risk visibility for management and regulators
High-level compliance requirements existed, but they were not translated into day-to-day operations or technical implementation.
What we implemented
We operationalized security across the organization through concrete programs:
- Asset Management & CMDB: Visibility over critical assets
- Security Operations Center (SOC): Incident detection & response
- Vulnerability Management & VAPT: Continuous identification and remediation
- DRP / BCP: Built around system criticality and RTO/RPO objectives
- Human Resources Security: Role-based onboarding & awareness
- Vendor Management: Third-party questionnaire & risk scoring
- Risk Management & Governance: Risk register, dashboards, and structured leadership reviews
Our approach
We built and operationalized a full Information Security Management System (ISMS) to connect governance, risk, and daily security operations—turning regulatory requirements into an actionable operational model.
1. Strategic Alignment
We transformed broad compliance requirements into an ISMS framework covering:
- Governance, roles, and responsibilities
- Policies and procedures
- Risk register and risk methodology
- Compliance alignment: NIS2, ISO 27001, GDPR
Results
The program delivered measurable and long-term impact:
- Full alignment with NIS2 and ISO 27001 principles
- Improved visibility and faster decision-making at management level
- Stronger cooperation between IT, OT, and Compliance teams
- A scalable cybersecurity & compliance model that can be replicated across subsidiaries and future locations
Discuss Your Challenges
Each project presents its own unique hurdles. Contact us to delve into how we can assist you in crafting an all-encompassing solution.
Meet our CEO and COO
Book a 30-minute conversation with Cycle’s leadership to explore your cybersecurity and compliance priorities.