How Does the Cybersecure Local Government Program Work? Goals, Amounts, and Evaluation Criteria

Cybersecurity is not just about technology, but also about employee awareness and appropriate procedures. That’s why it’s so important for local governments to invest in modern solutions and training programs that will enable them to effectively counteract cyber threats.

Quick Navigation

• What is the Cybersecure Local Government Program?
• What Are the Main Goals of the Program?
• Who Can Apply for Funding?
• What Funding Amounts Are Available?
• What Areas Can the Funds Be Used For?
• How Does the Program Support the Organizational Area of Cybersecurity?
• How Does the Program Strengthen Cybersecurity Competencies?
• What Technical Solutions Can Be Financed?
• How Does the Grant Application Process Work?
• What Documents Are Required?
• What Are the Application Evaluation Criteria?
• How Does Project Implementation Proceed After Receiving Funding?
• What Are the Local Government’s Obligations During Project Implementation?
• How Does Fund Settlement Work?
• What Support Do Program Organizers Offer?
• How Does the Program Fit into the Country’s Broader Cybersecurity Strategy?

What is the Cybersecure Local Government Program?

The Cybersecure Local Government Program is a comprehensive government initiative aimed at strengthening cybersecurity in local government units in Poland. It was launched by the Ministry of Digital Affairs in response to growing cyber threats that increasingly affect local administrations.

The program offers financial and substantive support for local governments, enabling them to invest in modern technological solutions, employee training, and implementation of effective security procedures. The total pool of funds allocated to the program amounts to approximately 1.9 billion PLN, making it one of the largest such initiatives in Europe.

Cybersecure Local Government covers all levels of local administration - municipalities, counties, and voivodeships. In total, the program is directed at 2,807 local government units throughout the country. Particular emphasis is placed on supporting smaller units that often have limited resources and competencies in cybersecurity.

The program is characterized by a comprehensive approach to cybersecurity. It is not limited only to providing hardware or software but also includes building competencies, creating procedures, and raising awareness of threats among local government employees. Thanks to this, it has a chance to bring long-lasting and significant effects in improving digital security at the local level.

It’s worth emphasizing that the Cybersecure Local Government program is part of a broader strategy for digitization and securing the state’s critical infrastructure. It is based on the assumption that strong and attack-resistant local governments are the foundation of the entire country’s digital security.

What Are the Main Goals of the Program?

The main goals of the Cybersecure Local Government program focus on comprehensively strengthening the resilience of local government units to cyber threats. The program aims to create solid foundations of information security in local governments, which will translate into better protection of residents’ data and more efficient functioning of local administration.

Key program goals include:

• Raising the level of knowledge and competencies of LGU personnel in cybersecurity. The program assumes conducting a series of training sessions and workshops that will allow local government employees to better understand cyber threats and effectively counteract them. It is planned to train at least 50,000 local government employees within the next two years.
• Implementation or update of information security policies (ISMS) in local government units. Thanks to this, local governments will have clearly defined procedures and standards for data protection, allowing for a more effective response in case of security incidents.
• Implementation of advanced technical measures, such as intrusion detection and prevention systems, data backup solutions, or network monitoring tools. It is planned that by the end of 2025, at least 80% of local governments will implement advanced cyberattack protection systems.
• Increasing the ability of local governments to quickly detect and respond to security incidents. Within the program, it is planned to create regional cybersecurity centers that will support smaller units in crisis situations.
• Creating a cybersecurity culture in local governments, where threat awareness and responsible practices will be an integral part of daily work. The goal is for at least 95% of local governments to have active cybersecurity awareness programs among employees by 2026.

Achieving these goals should contribute to a significant increase in local governments’ resistance to cyberattacks, improved protection of residents’ personal data, and increased trust in e-services provided by local administration. The Cybersecure Local Government program is also intended to stimulate the development of the local IT and cybersecurity market, contributing to creating new jobs in this sector.

Who Can Apply for Funding?

The Cybersecure Local Government program is directed at a wide spectrum of local government units in Poland, covering all levels of local administration. Specifically, the following can apply for support under the program:

• Municipalities - both urban, rural, and urban-rural. The program covers all 2,477 municipalities in Poland, from the smallest rural units to the largest cities.
• Counties - all 314 land and city counties can apply for program funds.
• Voivodeships - all 16 voivodeship local governments are entitled to participate in the program.

The program is available to local government units regardless of their size or level of advancement in cybersecurity. This means that both small rural municipalities just beginning their digitization journey and large cities with extensive IT infrastructure can find appropriate support in the program.

The program also includes organizational units of local governments, such as city and municipality offices, county offices, marshal’s offices, and other subordinate institutions (e.g., cultural, educational, or social assistance units), provided they are public finance sector entities.

An important reservation is the exclusion from the program of healthcare facilities, which have dedicated, separate support programs in cybersecurity.

To ensure fair access to funds, the program introduces differentiated funding thresholds depending on the size and wealth of the local government unit. Thanks to this, even the smallest and least affluent municipalities have a chance for significant support in cybersecurity.

It’s worth emphasizing that the program is open to all eligible units, regardless of their current level of advancement in cybersecurity. Both local governments just beginning their digital transformation journey and those wanting to further develop their competencies and infrastructure in this area are encouraged to participate.

What Funding Amounts Are Available?

The Cybersecure Local Government program offers significant financial support for local government units, with funding amounts adjusted to the size and needs of individual local governments. The amount of funding varies and depends on several key factors:

• For municipalities: • Minimum funding amount is 200,000 PLN • Maximum funding amount reaches 850,000 PLN • The exact amount depends on the number of residents and the municipality’s tax income indicator

• For counties: • Minimum funding amount is also 200,000 PLN • Maximum amount can be 850,000 PLN • Grant amount depends on the number of county residents

• For voivodeships: • All voivodeship local governments can apply for the maximum funding amount of 1,000,000 PLN

The program assumes a flexible approach to financing, taking into account the specific needs and challenges of different types of local governments. For example, smaller rural municipalities that often have limited own resources can count on a higher percentage of funding in relation to the total project value.

The funding level can reach up to 100% of eligible project costs for the smallest and least affluent municipalities. For larger local government units, a certain own contribution is required, the amount of which depends on the tax income indicator per resident.

The total pool of funds allocated to the Cybersecure Local Government program amounts to approximately 1.9 billion PLN. This significant amount is intended to ensure that even smaller and less affluent local governments can implement comprehensive cybersecurity projects.

It’s worth emphasizing that local governments can apply for funds to implement comprehensive projects covering both investments in technical infrastructure and soft activities such as training or security audits. This flexibility allows projects to be tailored to the individual needs and priorities of each local government unit.

The program also provides for the possibility of combining funds from other financing sources, allowing for the implementation of more ambitious and comprehensive cybersecurity projects.

What Areas Can the Funds Be Used For?

The Cybersecure Local Government program offers a wide spectrum of activities that can be financed under granted funds. Funds can be allocated to three key areas: organizational, competency, and technical. Here is a detailed overview of possibilities:

• Organizational area: • Development and implementation of information security policies • Conducting security audits and risk analyses • Creating incident response procedures • Developing business continuity and disaster recovery plans • Implementing an information security management system compliant with ISO 27001

• Competency area: • Organizing cybersecurity training for employees at all levels • Conducting specialized courses for IT teams • Implementing cyber threat awareness programs • Organizing security incident exercises and simulations • Participation in cybersecurity industry conferences and workshops

• Technical area: • Purchase and implementation of antivirus and anti-malware systems • Implementation of next-generation firewall solutions • Implementation of intrusion detection and prevention systems (IDS/IPS) • Purchase and configuration of data backup and recovery solutions • Modernization of network infrastructure, including network segmentation • Implementation of identity and access management systems (IAM) • Implementation of data and communication encryption solutions • Purchase of network traffic monitoring and analysis tools

Additionally, the program enables financing of cybersecurity consulting and advisory services that can help local governments identify the best solutions tailored to their specific needs and challenges.

It’s worth emphasizing that this list is not exhaustive, and local governments have some flexibility in proposing activities that best meet their individual cybersecurity needs. The key is that proposed activities contribute to achieving the main program goals and comply with guidelines set by the organizers.

The program encourages a comprehensive approach combining elements from all three areas. This integrated approach is intended to ensure lasting improvement in cybersecurity levels in local government units.

How Does the Program Support the Organizational Area of Cybersecurity?

The Cybersecure Local Government program strengthens cybersecurity competencies through:

• Comprehensive employee training: The program finances a wide range of training, from basic cybersecurity awareness courses for all employees to advanced technical training for IT specialists. The goal is to raise the general level of cyber threat knowledge throughout the organization.

• Specialized courses for IT teams: Advanced technical training is provided for IT department employees, covering topics such as network management, system security, malware analysis, or incident response. The program enables obtaining industry certifications such as CISSP, CEH, or CISM.

• Awareness-building programs: Local governments can implement long-term cybersecurity awareness programs. These include regular information campaigns, newsletters, posters, or interactive workshops aimed at maintaining a high level of vigilance among employees.

• Attack simulations and practical exercises: The program supports organizing practical exercises such as phishing simulations or penetration tests. This allows employees to experience real attack scenarios in a safe environment and learn proper responses.

• Participation in conferences and workshops: Funding also includes participation of local government employees in industry conferences and cybersecurity workshops. This is an excellent opportunity to exchange experiences and learn about the latest trends in digital security.

• E-learning platform: As part of the program, a dedicated e-learning platform is being created, offering a wide range of online cybersecurity courses. This enables flexible and continuous employee skill improvement.

• Mentoring and coaching: The program provides for the possibility of using expert services who serve as mentors for IT teams in local governments. This ensures continuous support and the ability to consult on complex security issues.

• Creating practitioner communities: Supporting the creation of contact networks between cybersecurity specialists from different local governments is encouraged. Regular meetings and experience exchange forums are organized, promoting mutual learning and dissemination of good practices.

• Internship and apprenticeship programs: The program encourages local governments to create internship and apprenticeship programs for students studying cybersecurity-related fields. This is not only a way to acquire new talents but also to build a long-term competency base.

• Competency certification: Local governments can implement internal cybersecurity competency certification systems. This motivates employees for continuous development and allows for objective assessment of skill levels in the organization.

Thanks to these comprehensive activities, the Cybersecure Local Government program not only raises the current competency level but also creates a culture of continuous learning and development in cybersecurity. This is a key element of building long-term resistance to digital threats in local government units.

How Does the Program Strengthen Cybersecurity Competencies?

The Cybersecure Local Government program places great emphasis on strengthening the cybersecurity competencies of local government employees. This is a key element of building resistance to digital threats because even the best technical solutions may prove ineffective without properly trained personnel. Here’s how the program supports competency development:

• Comprehensive employee training: The program finances a wide range of training, from basic cybersecurity awareness courses for all employees to advanced technical training for IT specialists. The goal is to raise the general level of cyber threat knowledge throughout the organization.

• Specialized courses for IT teams: Advanced technical training is provided for IT department employees, covering topics such as network management, system security, malware analysis, or incident response. The program enables obtaining industry certifications such as CISSP, CEH, or CISM.

• Awareness-building programs: Local governments can implement long-term cybersecurity awareness programs. These include regular information campaigns, newsletters, posters, or interactive workshops aimed at maintaining a high level of vigilance among employees.

• Attack simulations and practical exercises: The program supports organizing practical exercises such as phishing simulations or penetration tests. This allows employees to experience real attack scenarios in a safe environment and learn proper responses.

• Participation in conferences and workshops: Funding also includes participation of local government employees in industry conferences and cybersecurity workshops. This is an excellent opportunity to exchange experiences and learn about the latest trends in digital security.

• E-learning platform: As part of the program, a dedicated e-learning platform is being created, offering a wide range of online cybersecurity courses. This enables flexible and continuous employee skill improvement.

• Mentoring and coaching: The program provides for the possibility of using expert services who serve as mentors for IT teams in local governments. This ensures continuous support and the ability to consult on complex security issues.

• Creating practitioner communities: Supporting the creation of contact networks between cybersecurity specialists from different local governments is encouraged. Regular meetings and experience exchange forums are organized, promoting mutual learning and dissemination of good practices.

• Internship and apprenticeship programs: The program encourages local governments to create internship and apprenticeship programs for students studying cybersecurity-related fields. This is not only a way to acquire new talents but also to build a long-term competency base.

• Competency certification: Local governments can implement internal cybersecurity competency certification systems. This motivates employees for continuous development and allows for objective assessment of skill levels in the organization.

Thanks to these comprehensive activities, the Cybersecure Local Government program not only raises the current competency level but also creates a culture of continuous learning and development in cybersecurity. This is a key element of building long-term resistance to digital threats in local government units.

What Technical Solutions Can Be Financed?

The Cybersecure Local Government program offers broad possibilities for financing technical solutions aimed at strengthening cybersecurity infrastructure in local government units. Here is a detailed overview of technical solutions that can be financed from the program:

• Network protection systems: • Advanced next-generation firewalls (NGFW) • Intrusion detection and prevention systems (IDS/IPS) • Network segmentation and microsegmentation solutions • Network access control systems (NAC)

• Malware protection: • Advanced antivirus and anti-malware systems • Endpoint protection solutions • Data loss prevention systems (DLP) • Behavioral analysis and anomaly detection tools

• Email security: • Spam and phishing filtering systems • Email encryption solutions • Advanced threat protection tools (ATP)

• Identity and access management: • Single sign-on systems (SSO) • Multi-factor authentication solutions (MFA) • Permission and role management systems (IAM) • Password management and privileged access management tools (PAM)

• Data security: • Solutions for encrypting data at rest and in transit • Information classification and protection systems • Secure file sharing tools

• Security monitoring and analysis: • Security information and event management systems (SIEM) • User activity monitoring solutions (UBA) • Log analysis and threat detection tools

• Backup and data recovery: • Advanced data backup and archiving systems • Data replication and cloud backup solutions • Disaster recovery systems (DRP)

• Application security: • Web application firewalls (WAF) • Application security testing tools • Vulnerability management systems

• Mobile device security: • Mobile device management solutions (MDM) • Systems for secure access to corporate resources from mobile devices

• Physical security infrastructure: • Server room access control systems • Video monitoring and surveillance solutions

• Cloud security: • Tools for protecting data and applications in cloud environments • Cloud security monitoring and management systems

• Incident response solutions: • Security orchestration, automation, and response platforms (SOAR) • Forensic analysis and cyber investigation tools

The program emphasizes implementing modern, proven solutions that comply with industry best practices and current security standards. Local governments have flexibility in selecting specific solutions that best meet their specific needs and challenges.

It’s worth emphasizing that funding covers not only hardware and software purchases but also implementation, configuration, and integration services. The program encourages a holistic approach combining different solutions into a coherent cybersecurity ecosystem.

How Does the Grant Application Process Work?

The grant application process under the Cybersecure Local Government program has been designed to be transparent and accessible to all eligible local government units. Here is a detailed description of this process:

• Call announcement: The Ministry of Digital Affairs and CPPC publish an official call for applications. The deadline for submitting applications is set, usually lasting from 30 to 60 days. Information about the call is widely disseminated through official communication channels, media, and local government organizations.

• Application preparation: Local governments prepare applications according to program guidelines. This stage includes: • Conducting a preliminary analysis of cybersecurity needs and risks • Developing a detailed action plan and project budget • Gathering required documents and declarations • Consultations with experts and potential solution providers

• Submitting applications: Applications are submitted electronically through a dedicated internet portal. The system is available 24/7 during the call period, enabling flexible planning of work on the application. All necessary documents must be attached, including declarations and technical annexes.

• Formal assessment: CPPC conducts a preliminary formal assessment of applications. Documentation completeness and compliance with basic eligibility criteria are checked. In case of minor deficiencies, applicants have the opportunity to supplement documentation within a specified deadline, usually 7-14 days.

• Substantive assessment: Applications that passed the formal assessment positively are subjected to detailed substantive assessment. Assessment is performed by a team of independent cybersecurity experts. Applications are evaluated according to pre-established criteria, using a point system.

• Results announcement: The ranking list of projects recommended for funding is published on the program website. Applicants are individually informed of assessment results, receiving detailed justification for the decision.

• Appeal procedure: Local governments whose applications were not qualified have the right to file an appeal within 14 days of receiving the decision. Appeals are considered by an independent commission within 30 days.

• Signing agreements: Grant agreements are signed with local governments whose projects were qualified for funding. Agreements specify detailed project implementation conditions, including schedule and budget.

The entire process, from call announcement to agreement signing, usually takes from 3 to 6 months. The program offers support at every stage of the application process, including: • Information webinars and workshops before the call starts • Helpline and technical support for using the electronic application submission system • Substantive consultations with program experts

It’s worth emphasizing that the application process is designed to be as local government-friendly as possible, taking into account their diverse needs and capabilities. The goal is to ensure equal opportunities for all eligible units, regardless of their size or experience in obtaining external funds.

What Documents Are Required?

When submitting an application for funding under the Cybersecure Local Government program, local government units must prepare and submit a number of documents. The list of required documents is carefully developed to enable comprehensive project assessment while minimizing administrative burden for applicants. Here is a detailed list of required documents:

• Funding application form: The main document containing detailed project information, including goals, scope of activities, schedule, and budget. The form is filled out electronically in a dedicated online system.

• Cybersecurity diagnosis: Document presenting the current state of cybersecurity in the unit, identifying key gaps and threats. Should contain results of conducted audits or security analyses.

• Detailed project description: Document containing a detailed description of planned activities, justification for their selection, and expected results. Should relate to program goals and demonstrate coherence with the cybersecurity diagnosis.

• Project budget: Detailed list of planned expenditures with their justification. The budget should be realistic and adequate for planned activities.

• Project implementation schedule: Document presenting the planned course of project implementation over time, including key stages and milestones.

• VAT eligibility statement: Document confirming the applicant’s status regarding the possibility of VAT recovery under the project.

• Statement on absence of double financing: Confirmation that planned activities are not and will not be financed from other public sources.

• Resolution of the competent LGU body: Document confirming consent to project implementation and securing own contribution (if required).

• Documents confirming applicant’s financial situation: Financial statements for the last fiscal year or other documents confirming the financial capacity to implement the project.

• Statement on having human resources: Confirmation that the applicant has the appropriate team to implement the project or plans to acquire one.

• Project management plan: Document describing the project management structure, roles and responsibilities of project team members.

• Risk analysis: Identification of potential threats to project implementation along with mitigation plans.

• Project sustainability plan: Description of activities aimed at maintaining project results after the end of financing.

• GDPR compliance declaration: Statement on compliance of planned activities with personal data protection requirements.

• Statement on compliance with EU horizontal principles: Confirmation that the project is in line with equal opportunities and non-discrimination principles as well as sustainable development.

• Partnership documents (if applicable): Partnership agreements or letters of intent for projects implemented in partnership.

• Cost estimates or quotes for planned purchases: Preliminary cost estimates or supplier quotes for key project elements, especially for large hardware investments.

• Statement on non-exclusion from eligibility for funding: Confirmation that the applicant is not excluded from eligibility for funding under applicable regulations.

It’s worth emphasizing that all documents are submitted electronically through a dedicated system. The program offers detailed instructions and document templates to facilitate the application process. In case of doubt, applicants can use consultations with program experts.

The completeness and quality of submitted documentation is crucial for application assessment. Therefore, local governments are advised to carefully familiarize themselves with the guidelines and dedicate adequate time to preparing high-quality project documentation.

What Are the Application Evaluation Criteria?

The application evaluation criteria in the Cybersecure Local Government program are carefully developed to ensure objective and comprehensive project assessment. They aim to select initiatives that will best contribute to improving cybersecurity in local government units. Here is a detailed overview of evaluation criteria:

• Project comprehensiveness (0-20 points): • Assessment of whether the project covers all key areas: organizational, competency, and technical • Points awarded for a balanced approach to these three areas

• Adequacy to needs (0-15 points): • Assessment of whether the project responds to real cybersecurity needs and challenges of the given local government • Points for conducting preliminary needs and risk analysis

• Cost efficiency (0-15 points): • Assessment of the relationship between proposed activities and their cost • Points for projects offering the best value for money

• Innovation and modernity of solutions (0-10 points): • Assessment of the degree of innovation of proposed solutions • Points for implementing modern, proven technologies

• Sustainability of results (0-10 points): • Assessment of whether the project guarantees long-lasting effects beyond the implementation period • Points for a plan to maintain and develop implemented solutions

• Readiness for implementation (0-10 points): • Assessment of the project’s preparation for implementation • Points for a clearly defined schedule and division of responsibilities

• Project team competencies (0-5 points): • Assessment of qualifications and experience of persons responsible for project implementation • Points for a team with documented cybersecurity experience

• Compliance with standards (0-5 points): • Assessment of project compliance with applicable cybersecurity norms and standards • Points for compliance with ISO 27001, NIST, or other recognized standards

• Collaboration and experience exchange (0-5 points): • Assessment of whether the project assumes collaboration between local governments or exchange of good practices • Points for initiatives supporting building practitioner communities

• Impact on local development (0-5 points): • Assessment of the potential impact of the project on digital and economic development of the region • Points for projects stimulating the local IT and cybersecurity market

Additional bonus criteria:

• Comprehensive approach to personal data protection (+5 points): • Additional points for projects particularly focused on protecting residents’ personal data

• Innovative educational solutions (+5 points): • Rewarding projects introducing innovative training methods in cybersecurity

• Collaboration with academic sector (+3 points): • Additional points for partnerships with universities or research institutes

• Consideration of sustainable development aspects (+2 points): • Rewarding projects considering ecological aspects and energy-efficient solutions

Maximum points to achieve: 115

Applications are evaluated by an independent team of experts, and each application is evaluated by at least two assessors. In case of significant discrepancies in assessment, a third expert is appointed.

It’s worth emphasizing that these criteria aim to select projects that will not only raise cybersecurity levels but also contribute to long-term development of competencies and infrastructure in local governments. The program encourages a comprehensive approach combining technical, organizational, and educational aspects.

How Does Project Implementation Proceed After Receiving Funding?

After receiving funding under the Cybersecure Local Government program, project implementation follows strictly defined procedures and schedule. This process aims to ensure effective use of funds and achievement of assumed goals. Here is a detailed description of project implementation:

• Signing the funding agreement: • The local government signs an agreement specifying project implementation conditions, including schedule, budget, and expected results • Detailed rules for reporting and settling the project are established

• Appointing the project team: • Formal appointment of the team responsible for project implementation • Assigning roles and responsibilities to individual team members

• Project kick-off: • Organizing an inaugural meeting with key stakeholders • Discussing goals, schedule, and expectations for the project

• Implementation of project activities: • Implementation of planned technical solutions • Conducting training and educational activities • Developing and implementing security policies and procedures

• Monitoring and reporting: • Regular (usually quarterly) submission of progress reports • Monitoring project implementation indicators • Ongoing risk analysis and taking corrective actions

• Controls and audits: • Periodic controls by the program management institution • Possible external audits verifying the correctness of project implementation

• Change management: • If necessary, requesting project changes (e.g., schedule or budget modifications) • Obtaining approvals for significant changes from the management institution

• Mid-term evaluation: • Conducting project progress assessment at the midpoint of the implementation period • Identifying areas requiring additional support or modification

• Procurement and public procurement: • Implementing public procurement procedures in accordance with applicable regulations • Documenting procurement processes

• Implementing technical solutions: • Installation and configuration of purchased hardware and software • Testing and optimization of implemented solutions

• Training and competency building: • Implementation of planned employee training • Evaluation of training effectiveness and possible supplementary activities

• Information and promotional activities: • Informing about project implementation according to program guidelines • Promoting project activities and achievements among residents and other stakeholders

• Final evaluation: • Comprehensive assessment of project results • Comparing achieved results with assumed goals

• Final reporting: • Preparation and submission of final project implementation report • Financial settlement of the project

• Ensuring sustainability: • Implementation of activities aimed at maintaining project results after the end of financing • Monitoring sustainability indicators for the period specified in the agreement (usually 5 years)

The entire project implementation process is closely monitored by the program management institution. Local governments can count on substantive and technical support from program experts at every stage of implementation.

Key to project success is a flexible management approach, ability to adapt to changing conditions, and close cooperation of all parties involved. Project implementation under the Cybersecure Local Government program is not only about implementing specific solutions but also about building a lasting cybersecurity culture in local government units.

What Are the Local Government’s Obligations During Project Implementation?

Local governments implementing projects under the Cybersecure Local Government program have a number of obligations they must fulfill during project implementation. These obligations aim to ensure proper project implementation, effective use of public funds, and achievement of assumed results. Here is a detailed overview of local government obligations:

• Implementation according to agreement: • Strict compliance with funding agreement conditions • Project implementation according to approved schedule and budget

• Project management: • Appointing and maintaining a project team • Regular team meetings and monitoring of work progress

• Reporting: • Submitting periodic progress reports (usually quarterly) • Preparing and submitting a final report after project completion

• Indicator monitoring: • Ongoing monitoring of project implementation indicators • Documenting achieved results

• Financial management: • Maintaining separate accounting records for the project • Compliance with expenditure eligibility rules

• Public procurement: • Conducting public procurement procedures in accordance with applicable regulations • Documenting procurement processes

• Documentation archiving: • Keeping complete project documentation for the period specified in the agreement (usually 5 years after project completion)

• Ensuring sustainability: • Maintaining project results for the sustainability period (usually 5 years after completion) • Regular reporting during the sustainability period

• Cooperation with managing institution: • Ongoing communication with project supervisor from the managing institution • Immediate notification of any problems or delays in project implementation

• Participation in controls and audits: • Enabling on-site controls at project implementation location • Preparing and providing documentation for controls and audits

• Risk management: • Ongoing identification and analysis of project risks • Implementing actions mitigating identified risks

• Information and promotion: • Implementation of information and promotional activities according to program guidelines • Marking purchased fixed assets and promotional materials

• Project evaluation: • Conducting mid-term and final project evaluation • Implementing recommendations resulting from evaluation

• Training and competency development: • Organizing and conducting planned employee training • Monitoring training effectiveness and implementing supplementary activities

• Cooperation with partners: • For partnership projects, coordinating activities and communication between partners • Regular meetings and information exchange with project partners

• Change management: • Identifying project change needs • Preparing and submitting change requests to the managing institution

• Personal data protection: • Ensuring GDPR compliance and other personal data protection regulations • Implementing appropriate procedures and safeguards for processed data

• Documenting progress: • Maintaining detailed photographic and descriptive documentation of implemented activities • Creating and updating technical documentation of implemented solutions

• Participation in trainings and workshops: • Participation in trainings and workshops organized by the managing institution • Sharing experiences and good practices with other program beneficiaries

• Ensuring accessibility: • Implementing solutions compliant with digital accessibility principles • Considering the needs of people with disabilities in implemented activities

• Incident reporting: • Immediate notification of any security incidents related to project implementation • Implementing corrective and preventive actions after incidents

• Cooperation with external experts: • Enabling independent security audits • Implementing recommendations resulting from audits and expert opinions

Fulfilling these obligations requires a systematic approach and engagement of the entire project team. Key is ongoing progress monitoring and quick response to emerging challenges. Local governments should treat these obligations not only as formal requirements but as tools supporting effective project implementation and achieving lasting improvement in cybersecurity.

How Does Fund Settlement Work?

Settling funds from the Cybersecure Local Government program is a process that requires accuracy, transparency, and compliance with defined procedures. Here is a detailed description of how fund settlement works:

• Maintaining separate accounting records: • The local government must maintain separate accounting records for the project • All project-related expenditures must be clearly separated

• Expenditure eligibility: • Only expenditures compliant with the approved budget and program guidelines are eligible • Expenditures must be incurred during the project implementation period specified in the agreement

• Expenditure documentation: • Each expenditure must be supported by appropriate documents (invoices, bills, contracts) • Documents must be described according to program guidelines, indicating the connection with the project

• Payment requests: • The local government submits periodic payment requests (usually quarterly) • Requests contain a list of incurred expenditures along with copies of supporting documents

• Request verification: • The managing institution verifies submitted payment requests • Compliance of expenditures with budget, eligibility, and documentation completeness are checked

• Expenditure reimbursement: • After positive verification, funds are transferred to the local government’s account • Reimbursement usually occurs within 30-60 days of request approval

• Advances: • In some cases, the local government may receive an advance for project implementation • Advances must be settled within specified deadlines

• Financial controls: • The managing institution may conduct on-site financial controls at project implementation location • Controls may include verification of original documents and physical inspection of purchased fixed assets

• Financial corrections: • In case of detecting irregularities, financial corrections may be imposed • The local government may be required to return ineligible expenditures

• Reporting savings: • The local government is obliged to report any savings generated during project implementation • Unused funds must be returned or, with the managing institution’s consent, allocated to additional activities within the project

• Final settlement: • After project completion, the local government submits a final payment request • The request contains a summary of all expenditures and achieved results

• External audit: • For projects exceeding a certain threshold (usually 1 million PLN), an external audit is required • The audit must be conducted by an independent auditor

• Archiving financial documentation: • The local government is obliged to keep complete project financial documentation for the period specified in the agreement (usually 5 years after project completion)

• Financial sustainability: • The local government must demonstrate the ability to maintain project results after the end of financing • Financial controls may be conducted during the sustainability period

• Tax reporting: • The local government must include received funds in its tax reporting • Compliance with VAT regulations in the project context is necessary

Settling funds from the Cybersecure Local Government program requires a systematic approach and close cooperation between the finance department and the project team. Key is ongoing monitoring of expenditures and their compliance with the budget and quick response to any deviations. Proper project settlement not only ensures compliance with program requirements but also builds the local government’s credibility as a beneficiary of public funds.

What Support Do Program Organizers Offer?

Organizers of the Cybersecure Local Government program offer comprehensive support for local government units at every stage of project implementation. This support aims to ensure effective implementation of cybersecurity initiatives and maximize program benefits. Here is a detailed overview of offered support:

• Information support: • Dedicated website with current program information • Regular newsletters with updates and advice • Helpline for program beneficiaries

• Training and workshops: • Training cycle preparing for applying for funds • Workshops on cybersecurity project management • Specialized technical training for local government IT teams

• Expert consulting: • Consultations with cybersecurity experts • Help in identifying key security needs and priorities • Support in selecting optimal technical solutions

• Help in application preparation: • Workshops on writing funding applications • Individual consultations on preparing project documentation • Providing document templates and forms

• Project implementation support: • Assigning a project supervisor from the managing institution • Regular meetings monitoring implementation progress • Help in solving ongoing problems

• Experience exchange platform: • Organizing conferences and forums for program beneficiaries • Facilitating good practice exchange between local governments • Creating cybersecurity practitioner communities in local governments

• Technical support: • Access to cybersecurity knowledge base • Help in configuring and optimizing implemented solutions • Support in case of security incidents

• Audits and security assessments: • Possibility of conducting independent security audits • Support in interpreting audit results and implementing recommendations • Cyclical cybersecurity maturity assessments

• Legal support: • Consultations on cybersecurity regulation compliance • Help in developing internal security policies and procedures • Advice on GDPR-related issues

• Educational materials: • Providing comprehensive training materials • Developing cybersecurity guides and manuals • Access to case study library and best practices

• Promotional activities support: • Help in preparing project information materials • Providing templates and guidelines for promotion • Possibility of presenting projects at industry events

• Project management tools: • Providing dedicated project management system • Training on project tool operation • Technical support in using reporting systems

• Mentoring and coaching: • Mentoring program connecting experienced local governments with newcomers • Individual coaching for cybersecurity project leaders • Support in developing leadership competencies in the context of cybersecurity

• Incident Response Center: • Access to specialized support in case of security incidents • Help in threat analysis and mitigation • Providing security monitoring and analysis tools

• Evaluation and feedback: • Regular beneficiary satisfaction surveys • Possibility of submitting suggestions and proposals for program improvements • Individual feedback sessions for project teams

The offered support is comprehensive and tailored to the diverse needs of local governments. The goal is not only to ensure effective project implementation but also to build lasting cybersecurity competencies in local government units. Thanks to this support, even smaller and less experienced local governments have a chance for successful implementation of advanced cybersecurity solutions.

How Does the Program Fit into the Country’s Broader Cybersecurity Strategy?

The Cybersecure Local Government program is an integral part of Poland’s broader cybersecurity strategy, fitting into key priorities and goals defined at the national level. Here’s how this program connects with the overall strategy:

• Implementation of Poland’s Cybersecurity Strategy: The program directly implements goals contained in Poland’s Cybersecurity Strategy for 2019-2024, particularly in the area of strengthening the resilience of public administration information systems. It contributes to achieving the strategic goal of raising the level of cyber threat resilience and increasing information protection in the public sector.

• Strengthening the national cybersecurity system: Cybersecure Local Government is a key element of building a comprehensive cyberspace protection system in Poland. By strengthening security at the local level, the program contributes to the overall improvement of the country’s cybersecurity level. Local governments, as an important link in public administration, become more resistant to attacks, which translates into increased security of the entire system.

• Developing cybersecurity competencies: The program fits into the strategic goal of workforce development and increasing social awareness in cybersecurity. Through training and building competencies of local government employees, the program contributes to creating a broad base of specialists in cybersecurity throughout the country.

• Cross-sector collaboration: Cybersecure Local Government promotes collaboration between public and private sectors, which is one of the national cybersecurity strategy priorities. The program encourages partnerships with local IT companies and scientific institutions, supporting the development of the Polish cybersecurity sector.

• Critical infrastructure protection: Many local governments manage elements of critical infrastructure at the local level. The program contributes to better protection of these resources, which is a key element of the national cybersecurity strategy.

• Standardization and harmonization of procedures: By implementing uniform standards and procedures in local governments, the program supports the strategic goal of unifying the approach to cybersecurity in public administration at all levels.

• Supporting digital transformation: The Cybersecure Local Government program is closely linked with the broader country digitization strategy. By supporting secure digitization of public services at the local level, the program contributes to achieving the goals of the Integrated State Informatization Program.

• Implementation of international obligations: The program supports the implementation of Poland’s obligations resulting from EU and NATO membership in cybersecurity, including implementation of the NIS Directive at the local level.

• Building resilience to hybrid threats: By strengthening local government cybersecurity, the program contributes to increasing the country’s resilience to hybrid threats, which is one of the national security strategy priorities.

• Stimulating innovation: The program encourages implementing innovative cybersecurity solutions, thereby supporting the strategic goal of developing Polish technologies in this field.

• Strengthening personal data protection: By improving the security of local government IT systems, the program contributes to better protection of citizens’ personal data, which is a key element of the national privacy protection strategy.

• Regional development: The program supports even development of cybersecurity competencies and infrastructure throughout the country, fitting into the broader balanced regional development strategy.

• Building cybersecurity culture: Through educational and informational activities, the program contributes to building a cybersecurity culture among public administration employees and citizens, which is one of the long-term goals of the national strategy.

• Strengthening e-administration: The program supports secure development of e-services at the local government level, which is consistent with the national e-administration and public service digitization development strategy.

• Preparing for future challenges: By building flexible and adaptive cybersecurity systems, the program prepares local governments and the entire country for future challenges in digital security.

In summary, the Cybersecure Local Government program is a key element of implementing Poland’s broader cybersecurity strategy. By strengthening security at the local level, the program contributes to building a comprehensive country cyberspace protection system, developing competencies, stimulating innovation, and implementing international obligations. It represents practical implementation of strategic assumptions at the local government level, which is essential for effective protection of the state’s digital infrastructure.

Read Also

• How Does the Cyberbezpieczny Samorząd Program Work? Goals, Funding Amounts and Evaluation Criteria
• What is Cybersecure Local Government? Definition, Goals, and Process
• ‘Company talent programs: how to effectively develop and retain the best employees’

Develop Your Skills

This article is related to the training Cyber security for employees of Local Government Units (LGUs). Check the program and sign up to develop your skills with EITT experts.

Read also

• What is Cybersecure Local Government? Definition, Goals, and Process
• How Does the Cyberbezpieczny Samorząd Program Work? Goals, Funding Amounts and Evaluation Criteria
• Why We Program in Python

Frequently Asked Questions

What is the Cybersecure Local Government program?

The Cybersecure Local Government program is a Polish government initiative designed to help local government units strengthen their cybersecurity posture. It provides funding and guidelines for implementing security measures, conducting audits, training employees, and establishing procedures to protect against cyber threats.

Who can apply for funding under this program?

Local government units across Poland, including municipalities, counties, and voivodeships, are eligible to apply. The program targets public administration bodies that need to improve their IT security infrastructure, employee awareness, and incident response capabilities.

What areas of cybersecurity does the program cover?

The program covers a comprehensive range of cybersecurity domains, including IT infrastructure hardening, employee security awareness training, risk assessment and management, incident response procedures, and compliance with national cybersecurity regulations. It emphasizes both technical and organizational measures.

How does employee training fit into the Cybersecure Local Government program?

Employee training is a critical component because human error remains one of the biggest cybersecurity risks. The program recognizes that technology alone is insufficient and requires local governments to invest in regular security awareness training, helping staff identify phishing attempts, follow secure procedures, and respond appropriately to incidents.