
Voice of the customer
Our clients talk about results, not promises.
The recommendations below reflect real collaborations, where security meant clarity, decision, and responsibility.
Instead of talking about ourselves, we chose to let our customers do it.
The recommendations below come from real projects, conducted in organizations with critical responsibilities, strict regulation, and direct exposure to cyber risk.
They are the result of collaborations where decisions mattered, the pressure was real, and the solutions had to work, not just look good in reports.
These testimonials reflect the way we work: honest about risk, focused on clarity, and building constructs that can be explained, operated, and audited.
We do not promise absolute security.
We build capabilities that allow leaders to understand what risks they have, what they control, and what they can manage, with calm and commitment.





Dr. Eng. Calin Vasile Neamtu
General Manager

We hereby confirm the collaboration between Compania de Apa Someș SA and SC Sectio Aurea SRL, which began in 2023 and was later consolidated through a strategic partnership during 2024 and 2025.
The initial collaboration aimed to prepare our organization to meet the cybersecurity requirements applicable to society, the services provided by Mr. Eduard–Mădălin Bratu having a significant and direct impact on obtaining a positive audit opinion and implicitly on the organization's compliance with legislative requirements in cybersecurity.
The success of the initial collaboration naturally evolved into a broad strategic program, coordinated and provided by Mr. Eduard–Mădălin Bratu under the umbrella of Sectio Aurea SRL.
We are currently working together on several highly complex contracts that address several critical dimensions of cybersecurity and resilience, including:
- Digitalization of IT/OT operational and management activities;
- Organizational security governance and strategy;
- Advanced IT Security Operations;
- Implementing advanced cybersecurity solutions;
- Active and continuous monitoring of cyber risks and threats;
- Professional training in cybersecurity for the Company's technical and general staff.
At all stages of this complex collaboration, Mr. Eduard–Mădălin Bratu demonstrated professionalism, a remarkable ability to adapt to the specifics of the organization, and constantly delivered pertinent, clear, and pragmatic solutions and recommendations.
His structured and results-oriented approach has contributed decisively to improving our security posture and the company's overall resilience to current and future digital challenges.
We recommend the expertise and services of Mr. Eduard–Mădălin Bratu to all organizations looking for a solid partner, with strategic vision and outstanding skills in cybersecurity governance and business protection.




Cosmin Macaneata
CEO
Omega Trust
"As General Director of Omega Trust, a company specialized in IT audit and consulting services, I had the pleasure of working closely with Mr. Madalin Bratu and his team, auditors within Sectio Aurea, in carrying out a complex audit project for a leading financial banking institution in Southeast Europe.
For the NIS audit, Sectio Aurea was responsible for the following areas: Organizational security audit, Architecture audit, Configuration audit.
For the EBA Guidelines audit, Sectio Aurea participated with the audit team of Omega Trust in the compliance audit.
Madalin Bratu, General Director of Sectio Aurea and DNSC certified auditor, demonstrated a remarkable capacity for organization and coordination, effectively managing relations with clients and the project team.
His coordinating qualities were evident throughout the collaboration, facilitating clear and effective communication between all parties involved.
In addition, his ability to deal with challenges and difficult situations, which are often encountered in such projects, was second to none.
Through his professionalism he was able to guide the team through the most complex aspects of the audit, ensuring that high standards were always met.
Both Eduard Madalin Bratu and his team showed a special aptitude for detailing and analyzing complexly organized information. Their professionalism, combined with an attention to detail, was essential in identifying and addressing critical aspects of the audits. Their systematic work in evaluating the security of configurations, architecture, and various policies and procedures was up to expectations."

Cosmin Macaneata
CEO
Omega Trust

"As the General Manager of Omega Trust, a firm specialized in audit and IT consulting services, I had the pleasure of working closely with Mr. Madalin Bratu and his team, auditors within Sectio Aurea, in carrying out a complex audit project for a leading financial and banking institution in Southeastern Europe.
For the NIS audit, Sectio Aurea was responsible for the following areas: Organizational security audit, Architecture audit, Configuration audit.
For the EBA Guidelines audit, Sectio Aurea participated alongside the Omega Trust audit team in auditing compliance.
Madalin Bratu, General Manager of Sectio Aurea and DNSC certified auditor, demonstrated a remarkable capacity for organization and coordination, efficiently managing relationships with clients and the project team.
His coordination skills were evident throughout the collaboration, facilitating clear and efficient communication between all parties involved.
In addition, his ability to deal with the challenges and difficult situations that are often encountered in such projects was unmatched.
Through his professionalism, he was able to guide the team through the most complex aspects of the audit, ensuring that high standards were always met.
Both Eduard Madalin Bratu and his team showed a great aptitude for detailing and analyzing complexly organized information. Their professionalism, combined with an attention to detail, was essential in identifying and addressing critical aspects of the audits. Their systematic work in assessing the security of configurations, architecture, and various policies and procedures was at the level of expectations."

Maxim Alempie
Head of Information Security Department

Virgil Pascu
IT Manager
RAJA

"We would like to express our sincere gratitude and appreciation for the exceptional service provided by Madalin Bratu, our consultant. With his expertise and guidance, our organization was able to achieve compliance with the European NIS regulation.
Madalin's knowledge and understanding of NIS regulation was truly exceptional.
He demonstrated professionalism and a remarkable ability to navigate complex regulatory requirements, ensuring that every aspect of our organization's operations was in compliance.
Madalin's dedication and commitment were evident throughout our collaboration with him.
He went further to thoroughly analyze our existing systems and processes, identifying potential vulnerabilities and areas for improvement.
His keen attention to detail and methodical approach helped us address any compliance gaps efficiently and effectively.
What really sets Madalin apart is his proactive and collaborative approach.
He consistently exceeded our expectations by providing clear and concise recommendations specifically tailored to our organization's needs. His ability to communicate technical concepts in a way that is easy for our team to understand was invaluable.
Throughout the process, Madalin displayed professionalism, integrity, and reliability.
He was always available to address our concerns, answer our questions and provide guidance whenever needed. His expertise and support were instrumental in ensuring our organization was fully compliant with the European NIS regulation.
We highly recommend Madalin Bratu as a consultant for organizations seeking assistance with NIS Directive compliance.
His knowledge, dedication, and quality of service make him a valuable partner in navigating the complexities of regulatory compliance.
We are truly grateful for his contributions and look forward to continuing our partnership in the future.
Thank you, Madalin, for your remarkable support and expertise."

Catalina-Magnolia Mate, Information Security Manager

"I have had the pleasure of working closely with Madalin Bratu over the past year and have been continually impressed by his commitment, expertise and professionalism in providing consulting services to our organization as we work together to implement our security strategy.
Madalin Bratu has consistently demonstrated problem-solving skills, flexibility and communication skills that have significantly contributed to the success of our initiatives.
He demonstrated a deep understanding of cyber security and provided insights and strategic advice that proved critical to achieving our project goals.
He has strong planning and organizational skills, as well as the ability to quickly identify and analyze issues, which are critical requirements for our company's implementation of the NIS Directive.
One of Madalin Bratu's outstanding qualities is his attention to detail, which sets him apart.
His ability to create detailed process documentation and ensure that each step is accurately described and easy to follow has been a significant contributor to the success of our joint program.
In addition, Madalin Bratu has always demonstrated a high level of professionalism and integrity. He is reliable, deadline-oriented and able to communicate complex ideas clearly and concisely.
Our team benefited enormously from his collaborative approach and willingness to go the extra mile to ensure the success of our projects.
In addition to his technical expertise, it was a pleasure to work with Madalin Bratu.
His positive attitude, strong ethics and ability to adapt to the organizational culture made him an invaluable member of our project team.
He brings a wealth of knowledge, dedication and a results-oriented approach to every project. Madalin Bratu would undoubtedly be an asset to any organization looking for top consulting services."

Mihai Truță, Director of Data Protection/Cybersecurity/Compliance Department


As part of the collaborations carried out at the level of the E.ON Group in Romania, SC E.ON Energie România SA and SC Delgaz Grid SA contracted SC SECTIO AUREA SRL as a cybersecurity auditor, to provide specialized audit and testing services, in order to assess compliance with the requirements of Law no. 362/2018 (NIS), which transposes the European NIS Directive on measures to ensure a high common level of security of networks and information systems.
Collaboration with SC E.ON Energie Romania SA
....
The services provided included:
• architecture audit;
• configuration audit;
• organization security audit;
• source code audit;
• SCADA system audit;
• IT infrastructure penetration tests.
The following participated from the audit team of SC SECTIO AUREA SRL:
• Mr. Eduard Mădălin Bratu, as project coordinator, DNSC Certified Auditor, providing the architecture audit, configuration audit, organization security audit and SCADA system audit;
In both projects, the SC SECTIO AUREA SRL team demonstrated high technical competence, methodological rigor and a good understanding of the specifics of the energy sector, including the differences between IT and OT environments. The activities were carried out according to the contractual requirements, and the deliverables were relevant and useful for strengthening the cybersecurity posture of E.ON entities in Romania.

Dan Danulescu
Executive Director

NIS Audit Recommendation 2
PETROTEL-LUKOIL SA hereby recommends with full confidence SC SECTIO AUREA SRL, headquartered in Romania, Bucharest, Str. Calea Vitan no. 23C, Vitan Business Center, room 2, Sector 3, postal code 031281, registered with ORC J40/1426/2006, CUI RO18334569, as well as Mr. Eduard-Mădălin Bratu, as expert auditor / lead consultant, for the services of assessing compliance with the requirements of the NIS2 Directive.
The collaboration was carried out based on the NIS Audit Order/Contract No. 1 of 06.05.2025, during the period 06.05.2025 – 15.09.2025 (4 months and 9 days). The objective of the mission was to assess the level of compliance with NIS2 requirements, including the identification of risks and non-conformities, the analysis of documentation and the assessment of the maturity of the information security management framework.
Throughout the project, Mr. Eduard-Mădălin Bratu demonstrated professionalism, methodological rigor and technical competence, approaching the evaluation in a structured manner, with an emphasis on applicability and alignment with relevant European requirements and good practices.
Within the services, the following activities were mainly carried out:
- Identifying risks and non-conformities by examining existing processes, infrastructure, policies and technologies relevant to NIS2 requirements;
- Analysis of documentation (policies, procedures, standards) and verification of completeness and implementation;
- Assessing the maturity of the information security management system, by reporting to NIS2 requirements and ISO/IEC 27001:2022;
- Drafting the evaluation report, which included compliances, non-compliances and opportunities for improvement, along with pragmatic recommendations for remediation and prioritization.
The methodology was applied in phases (planning, execution/evaluation, post-execution), and the deliverables were clear, consistent and easy to use as support for planning compliance measures and increasing security maturity.
A distinctive element of the collaboration was Mr. Eduard-Mădălin Bratu's ability to translate complex regulatory requirements into operational conclusions and recommendations, facilitating internal alignment and understanding of requirements at the management and technical team levels.
In conclusion, we recommend SC SECTIO AUREA SRL and Mr. Eduard-Mădălin Bratu to all organizations that need NIS2 compliance audits, maturity assessments, risk analysis and ISO 27001:2022 alignment consulting, in projects that require rigor, confidentiality and applicable deliverables.
NIS Consulting Recommendation 2
PETROTEL-LUKOIL SA confidently recommends SC SECTIO AUREA SRL, headquartered in Romania, Bucharest, Str. Calea Vitan no. 23C, Vitan Business Center, room 2, Sector 3, postal code 031281, registered with the Trade Register under no. J40/1426/2006, CUI RO18334569, as well as the experts Eduard-Mădălin Bratu and Viorel Surdu, for the consulting services provided in order to align the organization with the requirements of the NIS 2 Directive.
The collaboration was carried out under Contract No. 284 of 23.09.2025, during the period 23.09.2025 – 29.12.2025 (3 months and 6 days). The objective of the project was to strengthen the technical and organizational basis necessary for NIS 2 compliance, by clarifying the IT/OT architecture, flows, criticality, risk mechanisms and the policy and governance framework.
Throughout the project, the Sectio Aurea team, together with Eduard-Mădălin Bratu and Viorel Surdu, demonstrated professionalism, methodological rigor and technical competence, delivering clear and applicable materials, useful to both management and technical teams.
The services delivered included, in summary form, the following components:
- "As is" architecture documentation (HLD) for IT and OT – overview map of existing areas, interconnections, flows and controls, usable as an auditable reference.
- Mapping of application and technological flows – inter-area flow matrix and application/technological map to substantiate segregation, filtering and monitoring.
- Defining the target architecture "to be" (HLD) – principles, controlled zoning and interfaces (zones & conduits), non-functional requirements and alignment directions towards a secure and resilient model.
- Implementing and documenting BIA – identifying critical processes, dependencies, RTO/RPO and critical infrastructure areas, as a basis for continuity and prioritization of measures.
- Implementation of IT/OT risk management mechanisms – policies/procedures, risk register, acceptance criteria, risk lifecycle and KPI/KRI reporting principles.
- Developing and structuring the policy and governance framework – coherent set of policies and sub-policies, mapped to NIS 2 requirements and aligned with best practices (e.g. ISO/IEC 27001), for traceability and auditability.
The deliverables were consistent, well-structured, and directly usable as a foundation for planning compliance measures, designing remedies, and increasing cybersecurity maturity.
In conclusion, we recommend SC SECTIO AUREA SRL, as well as Eduard-Mădălin Bratu and Viorel Surdu, to organizations that need consulting services for NIS 2 alignment, especially in projects that require rigor, confidentiality and concrete, operationally applicable results.

Rinald Khamidullin
Managing Director
NIS Audit Recommendation 2
This is to confirm that Mr. Eduard Madalin Bratu, Managing Director of Sectio Aurea SRL, acted as Lead Auditor and Project Manager during the delivery of cybersecurity and compliance services provided to Lukoil Technology Services GmbH between December 1st 2024 and April 3rd 2025.
Mr. Bratu led the audit program covering:
- Comprehensive NIS 2 compliance assessment, including documentation and implementation reviews;
- Assessment done on an Information Maturity Model aligned with the CyberFundamentals Framework (mapped to ISO 27001, ISA 62443, CIS Controls, and NIST CSF);
- Execution of a detailed GDPR Audit evaluating personal data registers, privacy impact assessments, and third-party compliance;
- Delivery of final consolidated audit and readiness reports containing prioritized remediation and improvement actions.
Throughout the engagement, Mr. Bratu demonstrated exceptional technical competence, strategic vision, and leadership. His deep understanding of regulatory frameworks and his ability to translate complex requirements into practical, business-oriented recommendations were invaluable to the success of the project.
He maintained excellent communication with our technical stakeholders—Mr. Pavel Abramov (Senior IT Manager) and Mr. Roman Bobrov (Senior Information Security Manager)—ensuring consistent alignment and project transparency.
We highly recommend Eduard Madalin Bratu for any senior role or engagement related to cybersecurity governance, risk management, compliance auditing, or NIS 2 implementation. His professionalism, integrity, and expertise make him an outstanding partner for high-impact regulatory and technical assurance projects.

Cosmin Macaneata
CEO
Omega Trust

General recommendation
Our collaboration with Eduard–Mădălin Bratu in the field of cybersecurity began in 2023 with a comprehensive NIS compliance audit and has naturally evolved into an ongoing partnership since April 2024, where they provide specialized consulting and outsourced CISO services.
We are truly grateful for Mădălin's outstanding expertise, professionalism, and unwavering commitment throughout our collaboration. His guidance and support have greatly improved our organization's ability to protect the confidentiality, integrity, and availability of our critical systems and data.
Mădălin's systematic approach, his keen attention to detail, and his ability to navigate complex cybersecurity and regulatory frameworks were crucial in detecting risks and applying appropriate improvements.
His proactive and collaborative style, coupled with his remarkable talent for simplifying complex technical concepts into clear, business-friendly language, consistently exceeded our expectations. Throughout our collaboration, Mădălin demonstrated constant availability, provided clear and practical advice, and showed a sincere commitment to our cybersecurity goals.
We wholeheartedly recommend Eduard–Mădălin Bratu as a trusted consultant for any organization that needs solid support for NIS Directive compliance and overall cybersecurity governance. His expertise, professionalism, and exceptional service make him an invaluable partner in navigating regulatory complexities.
We sincerely appreciate his contributions and look forward to continuing our successful partnership in the future.
Thank you, Mădălin, for your exceptional support and expertise.
Audit Recommendation
We hereby confirm the collaboration between Lukoil Romania SRL and Sectio Aurea SRL, carried out under the Service Contract No. 05420 dated 28.04.2023, with the period 28.04.2023 - 29.02.2024.
As part of this collaboration, Sectio Aurea SRL provided qualified NIS audit services, in accordance with the legal requirements applicable in the field of cybersecurity, the activities being coordinated and carried out with the direct participation of Mr. Eduard-Mădălin Bratu, as a qualified NIS auditor.
The audit covered the following essential components of the essential environment:
• Critical information systems architecture assessment;
• Information security and data protection policy audit;
• Industrial control systems (ICS/SCADA) audit;
• Technical configuration analysis from a cybersecurity risk perspective;
• Security testing.
In addition to these activities, the following were also carried out during the execution of the contract:
• Verification of the documents prepared by the supplier relating to the security component within: system analysis; detailed technical design; test documentation; administration and use documentation; as well as other technical documentation developed during the implementation stages, implementation and commissioning of the components; training documentation;
• Verification and assessment of the compliance of the functional acceptance tests for the security infrastructure with the design documentation and the specifications;
• Verification of the degree of concordance between the requirements, technical and functional specifications in the technical documentation (specifications, analysis documentation and technical design, etc.) and the implemented system, from the perspective of the security component;
• Highlighting inconsistencies between the technical specifications and the implemented system for the security component;
• Verification of the fulfillment of the activities defined within the project and targeting the security component;
• Checking the system from the point of view of IT security (hardware, software and communications) and solutions/policies to ensure the continuity of functionalities in the main site;
• Permanent collaboration with the management and implementation teams of the contracting authority during the contract;
• Participation, as appropriate, in meetings organized within the framework of the project implementation, at the request of the management team;
• Verification of the implementation of the recommendations formulated;
• Participation in the preparation of a report that includes the justification that the technical specifications of the data centers are consistent with the investment description;
• Participation in the preparation of the final audit report for the implementation of the government cloud infrastructure.
All audit activities were carried out with professionalism and methodological rigor. Throughout the project, the Sectio Aurea team demonstrated high professional competence, a structured approach and a remarkable ability to adapt the recommendations to the specifics of our organization and the complexity of the technological environment. The collaboration was carried out in an efficient, open and focused manner on identifying relevant gaps and continuously improving our cybersecurity posture.
We highly recommend the expertise of the Sectio Aurea team to all organizations that wish to assess their level of compliance with the NIS Directive and adopt a practical, yet solidly grounded, approach to cybersecurity governance.

Alin Paunescu,
CISO

We hereby recommend S.C. SECTIO AUREA S.R.L., a consulting company specialized in information security and regulatory compliance, as well as the expert Mr. Eduard-Mădălin Bratu, for the consultancy services provided within the projects carried out with our organization.
The services delivered by Sectio Aurea consisted of an integrated set of consulting activities focused on information security governance, risk management, NIS compliance, and preparing the organization for security and regulatory audits.
In summary, the activities included:
- Analysis and documentation of the information system architecture, both from a physical and logical perspective, including detailed inventorying of configurations, components, versions, and interdependencies between systems.
- Analysis of information flows and of how data is processed within critical systems.
- Assessment of the security architecture and technical configurations, benchmarked against industry best practices and applicable regulatory requirements.
- Vulnerability analyses and threat modeling, including the evaluation of the likelihood and impact of identified risks.
- Definition and optimization of the risk management framework, including the risk methodology, risk matrix, risk registers, and acceptance criteria.
The consulting activities included defining, reviewing, and optimizing the information and cyber risk management framework to ensure alignment with applicable regulatory requirements and integration into the organization’s operational processes.
Mr. Eduard-Mădălin Bratu assisted in the development of the risk assessment methodology, including the identification of critical assets, relevant threats and vulnerabilities, and the evaluation of the probability and potential impact on operations and essential services.
Within this process, the risk matrix was defined and calibrated according to the organization’s specific profile, enabling a coherent, comparable, and repeatable risk assessment process.
Risk registers were also structured and updated, ensuring traceability between risks, treatment measures, responsible parties, and implementation status.
A key element of this process was the establishment of risk acceptance criteria and tolerance thresholds, approved at management level, enabling informed decisions regarding risk acceptance, mitigation, transfer, or avoidance.
The resulting risk management framework is operational, auditable, and easy to use, providing a solid foundation for ongoing compliance, management reporting, and the continuous improvement of information security maturity.
- Development, adjustment, and validation of security and compliance documentation.
The consultancy services included developing, reviewing, and optimizing the security and compliance documentation necessary for alignment with applicable regulatory requirements. Activities covered policies, operational and system procedures, risk registers, asset registers, information classification records, and the definition and refinement of auditable control indicators.
The documentation was structured to be coherent, traceable, and easy to use in day-to-day activities, while ensuring consistency between regulatory requirements, practical implementation, and operational evidence. Particular emphasis was placed on validating documents from an audit perspective, ensuring their real applicability and their ability to support independent assessments.
- Audit preparation and auditor interaction support.
Mr. Eduard-Mădălin Bratu provided specialized assistance in preparing for and supporting audit and assessment engagements, including NIS, BNR, EBA, SWIFT CSP, ADR, and critical infrastructure audits.
This assistance included preparing and consolidating compliance documentation, structuring audit evidence, correlating control requirements with existing documentation, and supporting the clarification of auditors’ observations.
The consulting team also provided direct support during interactions with auditors, helping explain the implemented control framework, managing additional requests, and formulating official responses, with the objective of reducing non-compliance risks and ensuring a fair and consistent evaluation.
- Consultancy in security incident management, business continuity, and the integration of incident response processes with BCP/DRP frameworks.
Throughout the collaboration, Sectio Aurea S.R.L., through the expert Eduard-Mădălin Bratu, demonstrated a high level of professionalism, technical competence, and methodological rigor. The deliverables were well structured, coherent, and directly usable in operational activities as well as in audit and compliance processes.
A distinctive aspect of the collaboration was the team’s ability to translate complex regulatory requirements into clear, practical recommendations tailored to the organizational context, supporting both management and technical teams.
In conclusion, we confidently recommend S.C. SECTIO AUREA S.R.L. and Mr. Eduard-Mădălin Bratu to organizations seeking consultancy services in information security, risk management, NIS compliance, and preparation for security audits, particularly in projects that require confidentiality, rigor, and tangible results.
Ciprian Andreica-Ghiran,
IT Manager

Hereby, RESTART ENERGY ONE S.A., a Romanian legal entity with its registered office at 11 Gheorghe Doja Street, 2nd Floor, Timișoara, Timiș County, postal code 300195, registered with the Trade Registry Office under no. J35/1297/2015, having VAT number RO 34583200, confirms its collaboration with S.C. SECTIO AUREA S.R.L., based on Contract no. 37 dated 21.02.2023, carried out during the period 21.02.2023 – 17.05.2023 (2 months and 26 days).
The services were delivered by a team of experts composed of Eduard-Mădălin Bratu, …, who approached the project in an integrated, structured, and results-oriented manner, focusing on practical and applicable outcomes.
Within this project, the activities performed covered, in a coherent and interdependent manner, the following main areas:
Information Security Governance, through the definition and optimization of governance structures, clarification of roles and responsibilities, establishment of reporting and feedback mechanisms, definition of relevant KPI/KRI indicators for management, and alignment of internal processes (including internal audit and human resources) with the requirements of the NIS Directive, as well as the delivery of dedicated training sessions.
Business Impact Analysis (BIA), through the identification of critical processes, evaluation of the operational and financial impact of disruptions, analysis of dependencies between processes, systems, and infrastructure, and definition of target RTO and RPO requirements. The BIA results served as the foundation for prioritizing business continuity and recovery measures.
IT Risk Analysis, including the inventory of IT assets, analysis of the logical and physical architecture, evaluation of information flows, identification of vulnerabilities, threat modeling, creation of the risk register, and assistance in operationalizing the risk management process.
Vendor Risk Assessment, through the analysis of contracts, security obligations, service levels, and audit mechanisms, with the identification and evaluation of risks arising from external dependencies.
Identity and Access Management (IAM), through consultancy services related to identity inventory, definition of access rules, management of privileged accounts, digitization of access approval workflows, and recommendations regarding monitoring changes to critical accounts.
Security Architecture and Systems Management, through the definition of IT network segmentation principles, analysis of firewall configurations, establishment of security baselines, management of encryption keys, and alignment of the security architecture with relevant international standards.
Vulnerability Management, through the definition of operational processes for identifying, prioritizing, and remediating vulnerabilities, including the management of exceptions and compensating controls.
Incident Detection and Response Management, through the update of operational procedures, definition of incident management, reporting and analysis workflows, and recommendations for the selection and optimization of supporting security technologies.
Business Continuity Management, through the development and substantiation of the Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP), including the definition of recovery strategies, roles and responsibilities, as well as testing and training plans.
Throughout the collaboration, the experts Eduard-Mădălin Bratu, Bogdan Bodă Langa, and Mihai Truța demonstrated a high level of professional competence, methodological rigor, and the ability to translate legal requirements and security standards into concrete, applicable measures tailored to the specific needs of our organization.
Considering the quality of the services provided, the level of detail and practical applicability of the deliverables, as well as the added value brought to the project, we confidently recommend S.C. SECTIO AUREA S.R.L. and its team of experts for projects related to NIS / NIS2 compliance, security governance, IT/OT risk management, business continuity, and cybersecurity architecture.

Paul Pancotan
IT Manager

Based on Service Contract no. 1 dated 20.08.2021, concluded between INTERNATIONAL ALEXANDER S.R.L. and S.C. SECTIO AUREA S.R.L., we hereby confirm that Mr. Eduard Mădălin Bratu, acting as expert and representative of S.C. SECTIO AUREA S.R.L., provided specialized audit and consultancy services in the field of cybersecurity, with a focus on assessing the level of compliance with the requirements of the NIS Directive (Network and Information Systems), namely Directive (EU) 2016/1148, transposed into national legislation through Law no. 362/2018.
Within this engagement, Mr. Eduard Mădălin Bratu, through S.C. SECTIO AUREA S.R.L., identified by VAT number RO18334569, registered with the Trade Registry under no. J40/1426/2006, with its registered office in Romania, Bucharest, Calea Vitan Street no. 23C, Vitan Business Center, Room 2, Sector 3, postal code 031281, carried out a structured and documented evaluation of the organization’s level of compliance with the applicable legal requirements in the field of network and information systems security.
The activities performed were based on a methodological approach aligned with best practices in cybersecurity auditing and NIS compliance, primarily focusing on the analysis of the information security governance framework, the evaluation of existing technical and organizational controls, the identification of non-conformities and associated risks, the formulation of clear and well-substantiated findings, and the issuance of practical and actionable recommendations aimed at remediating identified non-conformities and increasing the organization’s cybersecurity maturity level.
Throughout the collaboration, Mr. Eduard Mădălin Bratu demonstrated professionalism, strong technical expertise, and a solid understanding of the requirements of the NIS Directive and Law no. 362/2018, as well as the ability to translate regulatory requirements into clear conclusions and relevant recommendations for the organization’s management, supporting informed decision-making in the field of cybersecurity.
Considering the successful completion of all contractual activities and the quality of the services provided, we confidently recommend Mr. Eduard Mădălin Bratu and S.C. SECTIO AUREA S.R.L. to all organizations wishing to evaluate and improve their level of compliance with the requirements of the NIS and NIS2 Directives, as well as to strengthen their overall cybersecurity posture.
The activities carried out also included the definition and consolidation of information security governance, through the development of the security strategy, the definition and optimization of the governance framework, its integration into the organization’s corporate governance, and the review, adjustment, and optimization of information security policies. In this context, key performance indicators and security indicators were defined, along with the associated reporting framework, to support management in the decision-making process.
In the area of information security risk management, activities included defining and optimizing the process for classifying information assets, conducting risk analyses, vulnerability assessments, and threat analyses, identifying and recommending risk treatment measures, and evaluating the effectiveness of existing security controls. Risk management was integrated into business and IT processes, while internal and external factors that could trigger risk reassessment were continuously monitored. Non-conformities and relevant risk changes were reported in a structured manner to facilitate managerial decision-making.
The information security program management was also addressed by establishing and administering security processes and resources, defining and implementing a structured awareness program, developing and managing security standards, procedures and documentation, and integrating security requirements into IT processes and change management processes. Activities also covered business continuity and disaster recovery (BCP & DRP), the integration of security requirements into third-party relationships, and assistance in collecting, consolidating, and presenting relevant information for management and third parties.
In the field of information security incident management, the activities included defining the incident severity hierarchy, notification and escalation processes, the coordination framework for incident response management, internal and external communication plans, as well as post-incident analysis processes (RCA), corrective actions, and risk reassessment. The incident response plan was also integrated with the business continuity and disaster recovery plans.
Specific activities included the development of a cartographic overview of the IT ecosystem, the definition of network and information systems architectures, security risk analysis, the definition of security performance indicators, establishing security requirements for third parties and incorporating them into contracts, defining the processes and the Vulnerability Management Program, defining the Security Incident Reporting and Management System, providing consultancy in the selection of appropriate technical security measures, as well as updating the Business Continuity Plan, crisis management procedures, and disaster recovery plans.
Throughout the collaboration, Mr. Eduard Mădălin Bratu demonstrated professionalism, strong technical competence, and a solid understanding of the requirements of the NIS Directive and Law no. 362/2018, as well as the ability to translate regulatory requirements into clear conclusions and relevant recommendations for the organization’s management.
Considering the successful completion of all contractual activities and the quality of the services delivered, we confidently recommend Mr. Eduard Mădălin Bratu and S.C. SECTIO AUREA S.R.L. to organizations seeking to evaluate and improve their compliance with the requirements of the NIS and NIS2 Directives and to strengthen their cybersecurity posture and information security governance framework.

George Robev
Global Head of Partner Management

I am writing to wholeheartedly recommend Madalin Bratu for any role necessitating expertise in market positioning advisory, account mapping, regulatory alignment, and security governance outsourcing. As the Global Head of Partner Management at Software Group, a leading technology company specializing in digitalization and integration solutions for financial service providers, I have had the privilege of witnessing first-hand the exceptional contributions Madalin has made to our organization and to the broader financial services industry in Romania.
Madalin provided invaluable services to Software Group, notably in market positioning advisory and account mapping, skillfully identifying and capitalizing on potential opportunities within the Romanian banking and insurance sectors. His strategic advisory on aligning our DigiWave solutions with local regulatory requirements was instrumental in our successful local engagement, ensuring compliance while maintaining our commitment to innovation and financial inclusion.
Madalin's role in Security Governance Outsourcing via CISO Bridge offering included in our managed services proposals was crucial for our digital banking services. He harmonized our Information Security Practices with our banking partners and managed daily activities supporting the Bank's CISO. This includes governance, risk management, business impact analysis, security programs, incident response, and ensuring compliance with data privacy standards like GDPR.
Madalin's deep understanding of the regulatory framework and applied knowledge in positioning, integrating, and proposing outsourced GRC managed services within a larger digital banking managed service agreement has been exemplary. His demonstrated experience spans cyber-security sales, global portfolio management, consulting, audit, integration, outsourcing projects, and digitization engagements in the banking sector.
His applied experience in Information Security Management practice, coupled with in-depth working knowledge of major cyber security, security management, and privacy technologies, aligns perfectly with the needs of organizations looking to navigate the complexities of today's digital landscape. Madalin's ability to articulate value, create security program management strategies, and build rapport with executive decision makers is unparalleled.
Furthermore, Madalin's open-minded, straightforward approach to solving complexities, ability to innovate, and challenge both customer and provider visions on digitizing their business have been crucial in developing new business lines and demonstrating sales leadership in developing local businesses.
In summary, Madalin Bratu's contributions to Software Group and the financial services industry at large are profound and multifaceted. His skills, experience, and personal qualities make him an asset to any organization fortunate enough to have him. I strongly endorse Madalin for any endeavor he chooses to pursue and I am confident he will continue to deliver excellence and innovation.

Cosmin Macaneata
CEO
Omega Trust

AQUAVAS SA, .... we confirm the collaboration with SC Sectio Aurea SRL, based on the sectoral service contract no. 4830 dated 09.09.2024.
As part of this collaboration, SC Sectio Aurea SRL provided audit services for the level of compliance with the provisions of Law No. 362/2018 on ensuring a high common level of security of networks and information systems.
The services provided included:
- Audit of information systems architecture;
- Information security audit;
- Audit of industrial control systems (ICS/SCADA);
- Audit of technical configuration relevant to cybersecurity;
- Penetration testing.
We confirm that all activities were carried out professionally, in accordance with the legal provisions in force and the agreed contractual terms and conditions. The collaboration was carried out in an efficient, transparent and results-oriented manner.
We confidently recommend the expertise of Mr. Eduard Mădălin Bratu to all organizations that wish to evaluate and improve their level of compliance with the requirements of Law No. 362/2018, through a rigorous approach adapted to technological and organizational realities.

Doru Constantine
General Manager

Mr. Eduard-Mădălin Bratu provided, within this contract, integrated consulting services for the implementation of the NIS (Network and Information Systems) Directive, EU Directive 2016/1148, implemented by Law No. 362/2018 on ensuring a high common level of security of networks and information systems.
More specifically, Mr. Eduard-Mădălin Bratu provided the following activities:
- Pre-audit of the level of compliance with legal requirements;
- Elaboration of the cartographic situation of the ecosystem;
- Creating and defining the architecture of networks and information systems;
- Security risk analysis;
- Defining security performance indicators;
- Defining security requirements for third-party contractors and including them in signed contracts;
- Defining a process for identifying, classifying, remediating and eliminating vulnerabilities;
- Defining a vulnerability management program;
- Defining a system for reporting security incidents and organizing security incident management;
- Consultancy in the selection of appropriate technical measures;
- Updating the Business Continuity Plan, crisis management and disaster recovery procedures;
- Providing third-party opinions and detailed explanatory sessions, regarding the consistency of the documentation developed by SCCRABSA and the measures necessary to obtain a positive NIS audit opinion;
- Assistance in interacting with NIS auditors.
Considering that SC Sectio Aurea SRL successfully completed all the activities in the contract, we offer this recommendation to Mr. Eduard-Mădălin Bratu for specialized consulting services in Cyber Security.
Cosmin Macaneata
CEO
Omega Trust

"I am deeply grateful for Madalin Bratu's remarkable contribution to the implementation of NIS legislation within our firm.
With his experience and deep understanding of legislative requirements, Madalin coordinated the compliance process in an efficient and smooth manner.
His expertise in cybersecurity and ability to successfully navigate the complexities of regulations were invaluable.
I confidently recommend Madalin Bratu's services to all those looking for a reliable partner in implementing and complying with NIS legislation."

Cosmin Macaneata
CEO
Omega Trust

Eduard Mădălin Bratu, acting as sole administrator of S.C. Sectio Aurea S.R.L., provided specialized consultancy services in the field of information security management. Mr. Eduard Mădălin Bratu delivered integrated consultancy services for the implementation of the NIS Directive (Network and Information Systems), Directive (EU) 2016/1148, transposed into Romanian legislation through Law no. 362/2018, ensuring a high common level of security for network and information systems.
Overall, between 02.06.2022 and 05.04.2023, Eduard Mădălin Bratu delivered specialized services in the following areas:
Information Security Governance
- Definition of the information security strategy;
- Definition of the information security governance framework;
- Integration of information security governance into the company’s corporate governance structure;
- Review, adjustment, and optimization of information security policies;
- Definition of key information security indicators and establishment of a reporting framework.
Information Security Risk Management Framework
- Definition and optimization of the information asset classification process;
- Risk assessments, vulnerability assessments, and threat analyses;
- Identification, recommendation, or monitoring of the implementation of risk treatment/response options in order to manage risk at an acceptable level;
- Assessment of whether existing information security controls are adequate and effectively manage risks at an acceptable level;
- Continued optimization of the integration of information risk management into business and IT processes, as well as into the bank’s existing information risk management framework;
- Monitoring of internal and external factors that may require risk reassessment;
- Reporting of non-compliance and other changes in information risk in order to facilitate management decision-making in risk management.
Information Security Program Management
- Establishment and management of information security processes and resources;
- Establishment of a structured security awareness program;
- Establishment of communication mechanisms and management of standards, guidelines, procedures, and other information security documentation at the organizational level to guide and enforce compliance with information security policies;
- Optimization of the integration of information security requirements into IT processes;
- Change control processes related to information security management;
- Business continuity and disaster recovery;
- Optimization of the integration of information security requirements into contracts and activities of third parties directly related to the delivered solution;
- Assistance in optimizing, communicating, and monitoring key information security indicators;
- Support in compiling and presenting data requested by regulatory authorities and third-party audits.
Information Security Incident Management
- Definition of the severity hierarchy of information security incidents, including notification and escalation processes;
- Definition of a coordination and management framework for the incident response plan for qualified security incidents, in collaboration with the IT Security Operations team;
- Establishment of communication plans and processes for managing communication with internal and external stakeholders;
- Establishment of a post-incident review framework to determine the root cause of information security incidents, develop corrective actions, reassess risks, evaluate response effectiveness, and implement appropriate remediation measures;
- Establishment of the integration between the incident response plan, the business continuity plan, and the disaster recovery plan.
Considering that Eduard Mădălin Bratu, acting as sole administrator of S.C. Sectio Aurea S.R.L., successfully completed all contractual activities, we provide this recommendation for his specialized consultancy services in the field of cybersecurity and information security management.
Sorin Calinica,
Head of IT Service
George Turcu
Responsible for Scada
The Apă Canal Galați Company, a regional operator of drinking water and sewage supply in Galați County, confidently recommends Mr. Mădălin Bratu as a consultant in the field of information security.
I have worked with Mr. Bratu over the past year on the implementation of the NIS Directive (EU Directive on the security of network and information systems). Mr. Bratu demonstrated an exceptional level of professionalism, competence and dedication throughout the entire project.
Mr. Bratu's key skills include:
- Deep technical expertise: Mr. Bratu has a vast knowledge of cybersecurity principles and practices. He was able to quickly identify vulnerabilities and provide effective solutions to fix them.
- Excellent analytical skills: Mr. Bratu carefully assessed our specific needs and developed a NIS implementation plan tailored to our needs.
- Clear and concise communication: Mr. Bratu was able to explain complex cybersecurity concepts to us in an easy-to-understand way, ensuring that we had a complete picture of the project.
- Excellent interpersonal skills: Mr. Bratu collaborated closely with our team, building relationships of trust and mutual respect.
The results of our collaboration with Mr. Bratu include:
- Successful implementation of the NIS Directive within the established deadline;
- Significantly increasing the security level of our networks and IT systems;
- Developing a more robust cybersecurity culture within our organization.
We are convinced that Mr. Bratu would be a valuable asset to any organization that needs consulting in the field of information security.
We recommend him with confidence.
Alin Moscalu, Head of IT Department

"Over the last four years, our collaboration with Sectio Aurea, led by Mr. Mădălin Bratu, has been extremely valuable.
We express our sincere gratitude for the excellent advisory services, consistently demonstrating professionalism, competence and a personalized approach tailored to the specific needs of our company. The Sectio Aurea team was remarkably open and responsive to our requests, providing constant guidance with clear answers and effective solutions.
We recognize the significant contribution of Sectio Aurea services in improving our security measures and strengthening business and data protection. Their expertise and evident experience in the field of cybersecurity have produced tangible results.
Our appreciation extends to Mr. Mădălin Bratu and the entire team for their efforts in ensuring compliance with the NIS Directive.
We are pleased to recommend Sectio Aurea's services to companies looking for trusted security advice.
We confidently support his services for those looking for a reliable security partner."
Elena Lăcătușu Information Security Officer, RNIS

"We had the opportunity to collaborate with Sectio Aurea, through Mr. Mădălin Bratu, in the last 4 years and we want to express our sincere thanks for the excellent advisory services they offered us. At every stage, every time, the collaboration with the Sectio Aurea team was outstanding, demonstrating a high level of professionalism and competence, an understanding and personalized approach to the specific needs of our company, as well as a great openness and responsiveness to our requests.
We especially appreciate the constant willingness to help and guide us throughout the collaboration, providing clear answers and effective solutions. The contribution of Sectio Aurea services has helped us increase our security level and improve the way we protect our business and data. The expertise and vast experience provided to us in the field of cyber security is evident in the results we have achieved.
Our thanks go to Mr. Mădălin Bratu and his entire team for their efforts in ensuring compliance with the NIS Regulation and we are pleased to recommend the services of Sectio Aurea to all companies looking for reliable security advice.
We confidently recommend your services to anyone looking for a reliable security partner, and we are confident that working with you will help us have a more secure business environment and further protect against cyber threats."

George Popescu
General Manager

We hereby confirm the collaboration between APA SERVICE S.A. and S.C. SECTIO AUREA S.R.L. (RO18334569), carried out under Contract no. 16716 dated 29.10.2024 – “Consultancy Services for the Implementation of the NIS Directive Requirements”, with an execution period from 29.10.2024 to 30.05.2025 (7 months and one day).
The objective of the contract was to support APA SERVICE S.A. in aligning with the requirements of the NIS Directive, by strengthening the information security governance framework, assessing cyber and operational risks, and establishing the foundations for business continuity and resilience of essential services.
Within this project, S.C. Sectio Aurea S.R.L. provided specialized consultancy services that covered, in an integrated manner, the following key areas:
Information Security Governance
- Definition and optimization of governance structures, roles, and responsibilities;
- Establishment of reporting and feedback channels;
- Definition of management-relevant KPI/KRI indicators;
- Alignment of internal processes (including internal audit and human resources) with NIS legal requirements;
- Delivery of dedicated training sessions.
Business Impact Analysis (BIA)
- Identification of critical processes;
- Assessment of the operational and financial impact of disruptions;
- Identification of dependencies between processes, systems, and infrastructure;
- Definition of target RTO and RPO requirements.
The BIA results formed the basis for prioritizing business continuity and recovery measures.
IT and OT/ICS Risk Analysis
- Inventory of IT and SCADA assets;
- Analysis of logical and physical architecture;
- Evaluation of information flows;
- Identification of vulnerabilities and threat modeling;
- Development of the risk register and assistance in implementing the risk management process.
Vendor Risk Assessment
- Analysis of contracts, security obligations, service levels, and audit mechanisms;
- Identification and evaluation of risks arising from external dependencies.
Identity and Access Management (IAM)
- Consultancy for identity inventory;
- Definition of access rules and privileged account management;
- Digitization of access approval workflows;
- Recommendations for monitoring changes to critical accounts.
Security Architecture and Systems Management
- Definition of IT and OT network segmentation principles;
- Analysis of firewall configurations;
- Establishment of security baselines;
- Encryption key management;
- Alignment of the security architecture with relevant international standards (NIST, ISA/IEC 62443).
Vulnerability Management
- Definition of operational processes for identifying, prioritizing, and remediating vulnerabilities;
- Management of exceptions and compensating controls.
Incident Detection and Response Management
- Updating operational procedures;
- Definition of incident management, reporting, and analysis workflows;
- Recommendations for the selection and optimization of supporting security technologies.
Business Continuity Management
- Development and substantiation of the Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP);
- Definition of recovery strategies, roles, and responsibilities;
- Establishment of testing and training plans.
The consultancy services were delivered by a team of experts from S.C. Sectio Aurea S.R.L., including Eduard-Mădălin Bratu, …, who demonstrated a high level of professional competence, methodological rigor, and the ability to translate legal requirements and security standards into practical measures tailored to the specific context of our organization.
As a result of this collaboration, APA SERVICE S.A. benefited from a coherent and structured information security governance framework, a clear understanding of operational risks and impacts, and a solid foundation for implementing the technical and organizational measures necessary to comply with the NIS Directive and enhance operational resilience.
Based on this experience, we confidently recommend S.C. Sectio Aurea S.R.L. as a provider of consultancy services in the fields of cybersecurity, IT governance, risk management, and NIS/NIS2 compliance.
Carmen Borcea, General Manager, Happy Credit IFN

"Madalin Bratu demonstrated a rare and commendable level of expertise and dedication. His understanding and application of data protection and cybersecurity regulations were truly exceptional.
Madalin's professionalism and ability to simplify complex regulatory requirements ensured that our operations were fully compliant, which is a significant achievement for our organization.
His methodical approach in analyzing our systems and processes was thorough and insightful. Madalin identified potential vulnerabilities and areas for improvement with great attention to detail. His proactive stance in providing clear, concise, and personalized recommendations greatly facilitated the improvement of our security and compliance posture.
What sets Madalin apart is his ability to communicate complex technical concepts in an accessible way, making the audit process collaborative and educational for our team. His commitment to professionalism, integrity, and reliability was evident throughout our collaboration. Madalin was always available to answer our questions, providing timely and effective guidance.
The expertise and support provided by Madalin Bratu and Sectio Aurea SRL were instrumental in ensuring our full compliance with the law. Their services not only met, but exceeded our expectations, making them a valuable partner in our ongoing efforts to maintain the highest standards of security and regulatory compliance.
I highly recommend Madalin Bratu and Sectio Aurea SRL to any organization seeking expert guidance in the field of cybersecurity and compliance. His knowledge, dedication, and exceptional service standards make him an invaluable asset in navigating the complexities of regulatory compliance."
Lavinia Ungureanu, Director General, Best Credit IFN

"Mr. Madalin's professionalism and ability to simplify complex regulatory requirements ensured our full compliance, marking a significant moment for our organization. His systematic and thorough review of our systems and processes highlighted potential risks and areas for improvement, demonstrating his meticulous attention. His proactive approach in providing clear and personalized advice has significantly strengthened our security and compliance measures.
Mr. Madalin's unique ability to articulate complex technical issues in a simple way made the audit a cooperative and educational experience for our team. His unwavering commitment to professionalism, integrity and reliability was evident throughout our partnership. Mr. Madalin's willingness to address our concerns and provide timely and efficient solutions further differentiated his service.
The expertise and assistance provided by Mr. Madalin Bratu and Sectio Aurea SRL were crucial in achieving and maintaining legal compliance. Their services have exceeded our expectations, proving to be a trusted partner in maintaining the highest standards of security and regulatory compliance.
I wholeheartedly recommend Mr. Madalin Bratu and Sectio Aurea SRL to any entity that needs expert guidance in cyber security and compliance. Their knowledge, commitment and superior service quality make them an essential resource in managing the complexities of regulatory compliance."

Lucian Plum
Avinto Finance IFN SA
CEO
"With great confidence I express my support for Mr. Madalin Bratu and Sectio Aurea SRL for their audit services in the field of cybersecurity.
The collaboration with Madalin Bratu and Sectio Aurea was extremely advantageous, especially in terms of compliance with the provisions of ANAF Order No. 146/2022.
In his role as lead auditor, Mr. Madalin Bratu demonstrated an exceptional level of knowledge and commitment. His competence in interpreting and applying regulations was remarkable.
Madalin's professional demeanor and ability to simplify the complexities of these regulations ensured that our operations remained in full compliance, a notable achievement for our company. Madalin's meticulous review of our operational systems and procedures was comprehensive. He identified areas of risk and improvement, demonstrating a keen eye for detail. His proactive approach in providing precise, concise and personalized advice contributed substantially to strengthening our security and compliance framework.
Madalin's distinctive ability to express sophisticated technical concepts in a way that was easy for our team to understand made the audit a collaborative and educational experience. Throughout our collaboration, his unwavering dedication to professionalism, ethical standards, and reliability was consistently evident. Madalin was always available to answer our questions and provide timely and effective advice.
The expertise and assistance provided by Madalin Bratu and Sectio Aurea SRL were crucial in ensuring our organization's full compliance with ANAF regulations.
Their contributions exceeded our expectations, confirming their status as a vital partner in our ongoing commitment to achieving the highest levels of security and regulatory compliance.
I wholeheartedly recommend Madalin Bratu and Sectio Aurea SRL to organizations that need expert advice in the field of cybersecurity and regulatory compliance.
His deep expertise, dedication and superior service quality make him an indispensable resource in managing the complexities of regulatory compliance."

Cosmin Macaneata
CEO
Omega Trust

We hereby confirm the collaboration with S.C. SECTIO AUREA S.R.L., through the key expert Eduard Mădălin Bratu, within the consultancy project for compliance with Regulation (EU) 2016/679 – GDPR, carried out during the period 08.02.2019 – 08.09.2019.
Within this project, S.C. SECTIO AUREA S.R.L., through Mr. Eduard Mădălin Bratu, provided specialized legal and technical consultancy services aimed at assessing the organization’s level of compliance with GDPR requirements, defining and designing the Data Protection Management Program, and increasing employee awareness regarding the obligations and responsibilities arising from the applicable legislation.
The project began with an extensive technical and organizational audit phase, which included training and awareness sessions on GDPR requirements, analysis of the internal regulatory framework, organizational structure, existing operational processes, and the architecture of the information system. Personal data processed within each business process were identified and documented, including the legal bases for processing, categories of data, the roles assumed by the organization (controller or processor), and the data flow within the information systems.
Detailed analyses were also conducted regarding the confidentiality, integrity, and availability of personal data, including Privacy Impact Analyses, vulnerability assessments, and threat modeling, which formed the basis for a structured risk analysis. Identified risks were evaluated based on probability and impact, prioritized, and correlated with concrete recommendations for risk treatment and mitigation, from both technical and organizational perspectives.
A key outcome of the project was the delivery of the complete documentation required for GDPR compliance, including the Record of Processing Activities in accordance with Article 30 of the Regulation, documentation of relevant business processes, the Data Protection Impact Assessment, as well as the risk analysis of the information system. This included the inventory of IT infrastructure, architectural diagrams, data flow diagrams, and risk matrices before and after the implementation of recommended security measures.
As part of the extended compliance audit, a consolidated evaluation report was prepared, structured according to the relevant GDPR articles (Art. 5, 6, 12–22, 25, 26, 28, 30, 32, 33–36). The report highlighted the existing level of compliance, the associated risks and implications, and the required remediation actions.
Additionally, the primary elements of the Data Protection Management System (DPMS) were defined and delivered, including policies, procedures, registers, and specific forms related to data protection, information security, third-party relationships, management of data subject rights, international data transfers, and security incident management.
Throughout the project, Mr. Eduard Mădălin Bratu provided continuous assistance for implementing the recommended measures, offering methodological, legal, and technical support, as well as recommendations for selecting and implementing appropriate security measures tailored to the specific nature of our organization’s activities and infrastructure.
As a result of this collaboration, S.C. Multisoft S.R.L. achieved a significant improvement in its level of GDPR compliance, a better understanding of applicable legal obligations, and a clear and operational framework for managing personal data protection.
Considering the professionalism, technical and legal expertise demonstrated, as well as the quality and practical applicability of the deliverables provided, we confidently recommend S.C. SECTIO AUREA S.R.L. and Mr. Eduard Mădălin Bratu, as key expert, for GDPR consultancy and implementation projects, as well as for complex initiatives related to governance, information security, and regulatory compliance.

Cosmin Macaneata
CEO
Omega Trust

Our company, by its nature, carries out many activities that involve the processing of personal data, both of its own employees. Thus, in 2019, following a selection of offers, we chose the company represented by Mr. Bratu as a consultancy provider in the field for all SSG group companies.
The superior quality of the teaching material provided, the promptness of its delivery, and the seriousness of the collaborators he chose for implementation recommend Mr. Bratu as a reliable partner, with perfect professionalism and whose deliverables meet high quality standards.
I particularly highlight the recommendations and solutions presented for the IT infrastructure, website and information technology aspects that were corroborated with the expansion of our headquarters and implicitly the related infrastructure. Another aspect worth noting is the ease of identifying the GDPR issue with the specifics of our activity.
Given his knowledge, management and experience necessary to carry out activities in this field, I recommend Mr. Mădălin Bratu for future collaborations.

Talk directly with a cybersecurity expert
Schedule a one-to-one session with Mădălin Bratu, a consultant with over 20 years of experience in IT and cybersecurity and founder of Sectio Aurea.
During this discussion, you will be able to analyze your organization's security challenges and receive practical recommendations for protecting your IT infrastructure and increasing your level of cyber resilience.
You will have direct access to the expertise of a top-tier cybersecurity team, specializing in governance, risk management, and compliance.
Schedule a meeting and discover solutions tailored to your organization's needs.