Orange Polska

Orange Polska

Speciality: Website and Infrastructure Penetration Testing

Warszawa, Poland 10001 employees Publishes CVEs
Visit Website View on LinkedIn
[01] About

Telecommunications company based in Poland; 2,856 employees, PLN12.7B annual revenue, founded in 1991, headquartered in Warszawa, Poland. Offers internet, mobile, TV, fixed-line services, and cybersecurity testing including penetration testing via CERT Orange Polska, which conducts controlled security assessments of client IT infrastructure.

Orange Polska is the principal supplier of telecommunications services in Poland. Orange Polska provides services, including fixed-line voice telecommunications, voice mail, fixed access to the Internet and Voice over Internet Protocol (“VoIP”). Orange Polska provides telecommunications services on the basis of entry number 1 in the register of telecommunications companies carried out by the President of Office of Electronic Communication. Through its subsidiary, Polska Telefonia Komórkowa-Centertel Sp. z o.o., the Group is one of Poland’s major DCS 1800 and GSM 900 mobile telecommunications providers. PTK-Centertel also provides third generation UMTS services and services based on the CDMA technology. In addition, the Group provides leased lines, radio-communications and other telecommunications value added services, sells telecommunications equipment, electronic phone cards and provides data transmission, multimedia services and various Internet services. As at the end of 2012 Orange Polska had over 20 million customers of different services (mobile, fixed voice, broadband, TV). As at the end of 2012 we achieved revenue of PLN 14.1 billion, EBITDA margin at 34.2% and net free cash flows of PLN 1.5 billion.
[02] Services
Provides Telecommunications Services Including Fixed-line Voice
Mobile Subscriptions
High-speed Fiber Optic Internet
Television Packages
Smart Devices
Cybersecurity Services Such As Penetration Testing Through Its CERT Orange Polska Team.
[03] Certifications
ISO 27001

ISO 27001: Information Security Management Certification


Origin


ISO 27001 was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and was first published in 2005. It evolved from the British Standard BS 7799-2, which was created in the late 1990s. The standard was developed in response to the growing need for organizations to systematically manage and protect sensitive information in an increasingly digital business environment. ISO 27001 has since been revised, with major updates released in 2013 and 2022 to address evolving cybersecurity threats and best practices.


Industry Value and Importance


ISO 27001 is globally recognized as the leading standard for information security management systems (ISMS) and is valued for providing a systematic, risk-based approach to protecting sensitive data. Organizations that achieve ISO 27001 certification demonstrate to clients, partners, and regulators that they have implemented comprehensive security controls and are committed to maintaining confidentiality, integrity, and availability of information. The certification is particularly important for organizations handling sensitive data, as it helps meet regulatory compliance requirements, reduces security incidents, builds customer trust, and often provides a competitive advantage in procurement processes where information security assurance is required.
ISO 27018

ISO 27018: Origin


ISO 27018 was developed by the International Organization for Standardization (ISO) and officially published in 2014. It was created as the first international code of practice specifically designed to address the protection of personally identifiable information (PII) in public cloud computing environments. The standard emerged in response to growing concerns about data privacy and security as organizations increasingly migrated their operations and sensitive data to cloud service providers, necessitating clear guidelines for how cloud providers should handle personal information.


Industry Importance and Value


ISO 27018 is highly valued in the industry because it provides cloud service providers with a recognized framework for demonstrating their commitment to protecting customer data privacy. The certification is particularly important for organizations operating under strict data protection regulations like GDPR, as it helps establish compliance with privacy requirements and builds trust with clients who are entrusting their sensitive information to cloud environments. For businesses selecting cloud providers, ISO 27018 certification serves as a reliable indicator that the provider implements appropriate controls for PII protection, including transparent data handling practices, customer rights management, and restrictions on how personal data can be used or disclosed.
PCI DSS

PCI DSS Certification


Origin


The Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 by the major credit card companies: Visa, Mastercard, American Express, Discover, and JCB International. These companies formed the PCI Security Standards Council in 2006 to manage and evolve the standard. PCI DSS was developed in response to increasing credit card fraud and data breaches, establishing a unified set of security requirements for all organizations that store, process, or transmit cardholder data. The goal was to create consistent security measures across the payment card industry to protect sensitive payment information.


Industry Value and Importance


PCI DSS compliance is mandatory for any business that handles credit card transactions, making it one of the most critical security standards in commerce today. The certification demonstrates that an organization has implemented robust security controls, including network protection, access management, encryption, and regular security testing. Non-compliance can result in severe consequences, including substantial fines (up to $100,000 per month), increased transaction fees, loss of payment processing privileges, and reputational damage following a breach. For IT professionals, PCI DSS expertise is highly valued as organizations across all industries need qualified personnel to implement, maintain, and audit these security controls.