How Does the Cyberbezpieczny Samorząd Program Work? Goals, Funding Amounts and Evaluation Criteria

Cybersecurity is not just about technology, but also about employee awareness and proper procedures. That is why it is so important for local governments to invest in modern solutions and training programs that will enable them to effectively counter cyber threats.

Quick navigation

• What is the Cyberbezpieczny Samorząd program?
• What are the main goals of the Cyberbezpieczny Samorząd program?
• Who can apply for funding under the program?
• What funding amounts are available for local governments?
• What areas can the program funds be allocated to?
• How does the program support the organizational area of cybersecurity?
• How does the program strengthen cybersecurity competencies?
• What technical solutions can be funded through the program?
• What does the grant application process look like?
• What documents are required when submitting an application?
• What are the application evaluation criteria?
• How does project implementation proceed after receiving funding?
• What are the local government’s obligations during project implementation?
• How does the settlement of program funds work?
• What support do the program organizers offer to local governments?
• How does the Cyberbezpieczny Samorząd program fit into the broader national cybersecurity strategy?

What is the Cyberbezpieczny Samorząd program?

The Cyberbezpieczny Samorząd (Cyber-Secure Local Government) program is a comprehensive government initiative aimed at strengthening the cybersecurity of local government units in Poland. It was launched by the Ministry of Digitization in response to growing cyber threats that increasingly affect local administrations.

The program offers financial and substantive support for local governments, enabling them to invest in modern technological solutions, employee training, and the implementation of effective security procedures. The total pool of funds allocated to the program amounts to approximately PLN 1.9 billion, making it one of the largest undertakings of this kind in Europe.

Cyberbezpieczny Samorząd covers all levels of local administration — municipalities, counties, and voivodeships. In total, the program is aimed at 2,807 local government units across the country. Particular emphasis is placed on supporting smaller units, which often have limited resources and competencies in the field of cybersecurity.

The program is characterized by a comprehensive approach to cybersecurity. It is not limited to providing hardware or software, but also encompasses building competencies, creating procedures, and raising awareness of threats among local government employees. Thanks to this, it has the potential to bring long-lasting and significant improvements in digital security at the local level.

It is worth emphasizing that the Cyberbezpieczny Samorząd program is part of a broader strategy for digitization and securing the state’s critical infrastructure. It is based on the assumption that strong and attack-resistant local governments are the foundation of the entire country’s digital security.

What are the main goals of the Cyberbezpieczny Samorząd program?

The main goals of the Cyberbezpieczny Samorząd program focus on comprehensively strengthening the resilience of local government units against cyber threats. The program strives to create solid foundations for information security in local governments, which will translate into better protection of residents’ data and more efficient functioning of local administration.

The key goals of the program include:

1. Raising the level of knowledge and competencies of local government unit personnel in the field of cybersecurity. The program envisages conducting a series of trainings and workshops that will enable local government employees to better understand cyber threats and effectively counteract them. It is planned to train at least 50,000 local government employees within the next two years.
2. Implementing or updating information security management policies (ISMS) in local government units. Thanks to this, local governments will have clearly defined procedures and standards for data protection, which will allow for a more effective response in the event of security incidents.
3. Implementing advanced technical measures, such as intrusion detection and prevention systems, data backup solutions, or network monitoring tools. It is planned that by the end of 2025, at least 80% of local governments will have implemented advanced cyber attack protection systems.
4. Increasing the ability of local governments to quickly detect and respond to security incidents. As part of the program, it is planned to establish regional cybersecurity centers that will support smaller units in crisis situations.
5. Creating a cybersecurity culture in local governments, where threat awareness and responsible practices will be an integral part of daily work. The aim is that by 2026, at least 95% of local governments will have active cybersecurity awareness programs for their employees.

The realization of these goals is intended to contribute to a significant increase in local governments’ resilience to cyber attacks, improved protection of residents’ personal data, and increased trust in e-services provided by local administration. The Cyberbezpieczny Samorząd program is also intended to stimulate the development of the local IT and cybersecurity market, contributing to the creation of new jobs in this sector.

Who can apply for funding under the program?

The Cyberbezpieczny Samorząd program is aimed at a wide spectrum of local government units in Poland, covering all levels of local administration. Specifically, the following entities can apply for support under the program:

1. Municipalities — both urban, rural, and urban-rural. The program covers all 2,477 municipalities in Poland, from the smallest rural units to the largest cities.
2. Counties — all 314 land and city counties can apply for program funds.
3. Voivodeships — all 16 voivodeship governments are eligible to participate in the program.

The program is available to local government units regardless of their size or level of advancement in the area of cybersecurity. This means that both small rural municipalities that are just beginning their path toward digitization and large cities with extensive IT infrastructure can find appropriate support in the program.

The program also takes into account organizational units of local governments, such as city and municipality offices, county offices, marshal’s offices, and other subordinate institutions (e.g., cultural, educational, or social welfare units), as long as they are public finance sector entities.

An important caveat is the exclusion of healthcare facilities from the program, as they have dedicated, separate cybersecurity support programs.

To ensure fair access to funds, the program introduces differentiated funding thresholds depending on the size and affluence of the local government unit. Thanks to this, even the smallest and least affluent municipalities have a chance to receive significant support in the area of cybersecurity.

It is worth emphasizing that the program is open to all eligible units, regardless of their current level of advancement in the area of cybersecurity. Both local governments that are just beginning their journey toward digital transformation and those that wish to further develop their competencies and infrastructure in this area are encouraged to participate.

What funding amounts are available for local governments?

The Cyberbezpieczny Samorząd program offers significant financial support for local government units, with funding amounts tailored to the size and needs of individual local governments. The amount of funding varies and depends on several key factors:

1. For municipalities:• The minimum funding amount is PLN 200,000• The maximum funding amount reaches PLN 850,000• The exact amount depends on the number of inhabitants and the municipality’s tax revenue index
2. For counties:• The minimum funding amount is also PLN 200,000• The maximum amount can reach PLN 850,000• The grant amount depends on the county’s population
3. For voivodeships:• All voivodeship governments can apply for the maximum funding amount, which is PLN 1,000,000

The program assumes a flexible approach to financing, taking into account the specific needs and challenges of different types of local governments. For example, smaller rural municipalities, which often have limited own resources, can count on a higher percentage of funding in relation to the total project value.

The level of funding can reach up to 100% of eligible project costs for the smallest and least affluent municipalities. For larger local government units, a certain own contribution is required, the amount of which depends on the tax revenue index per inhabitant.

The total pool of funds allocated to the Cyberbezpieczny Samorząd program amounts to approximately PLN 1.9 billion. This significant amount is intended to ensure that even smaller and less affluent local governments will be able to implement comprehensive cybersecurity projects.

It is worth emphasizing that local governments can apply for funds to implement comprehensive projects covering both investments in technical infrastructure and soft activities such as training or security audits. This flexibility allows projects to be tailored to the individual needs and priorities of each local government unit.

The program also provides for the possibility of combining funds from other financing sources, which allows for the implementation of more ambitious and comprehensive cybersecurity projects.

What areas can the program funds be allocated to?

The Cyberbezpieczny Samorząd program offers a wide spectrum of activities that can be financed under the awarded grants. Funds can be allocated to three key areas: organizational, competency-related, and technical. Here is a detailed overview of the possibilities:

1. Organizational area:• Development and implementation of information security policies• Conducting security audits and risk analyses• Creating incident response procedures• Developing business continuity and disaster recovery plans• Implementing an information security management system compliant with the ISO 27001 standard
2. Competency area:• Organizing cybersecurity training for employees at all levels• Conducting specialized courses for IT teams• Implementing programs to build awareness of cyber threats• Organizing security incident exercises and simulations• Participation in conferences and industry workshops on cybersecurity
3. Technical area:• Purchase and implementation of antivirus and anti-malware systems• Implementation of next-generation firewall solutions• Implementation of intrusion detection and prevention systems (IDS/IPS)• Purchase and configuration of data backup and recovery solutions• Modernization of network infrastructure, including network segmentation• Implementation of identity and access management systems (IAM)• Implementation of data and communication encryption solutions• Purchase of network traffic monitoring and analysis tools

Additionally, the program enables the financing of advisory and consulting services in the field of cybersecurity, which can help local governments identify the best solutions tailored to their specific needs and challenges.

It is worth emphasizing that this list is not exhaustive, and local governments have some flexibility in proposing activities that best meet their individual cybersecurity needs. The key requirement is that the proposed activities contribute to the realization of the program’s main goals and are consistent with the guidelines set by the organizers.

The program encourages a comprehensive approach combining elements from all three areas. Such an integrated approach is intended to ensure a lasting improvement in the level of cybersecurity in local government units.

How does the program support the organizational area of cybersecurity?

The Cyberbezpieczny Samorząd program strengthens cybersecurity competencies through:

1. Comprehensive employee training: The program finances a wide range of training, from basic cybersecurity awareness courses for all employees to advanced technical training for IT specialists. The goal is to raise the overall level of knowledge about cyber threats throughout the entire organization.
2. Specialized courses for IT teams: For IT department employees, advanced technical training is provided, covering topics such as network management, system security, malware analysis, or incident response. The program enables obtaining industry certifications such as CISSP, CEH, or CISM.
3. Awareness-building programs: Local governments can implement long-term cybersecurity awareness programs. These include regular information campaigns, newsletters, posters, or interactive workshops aimed at maintaining a high level of vigilance among employees.
4. Attack simulations and practical exercises: The program supports the organization of practical exercises, such as phishing simulations or penetration tests. This allows employees to experience real attack scenarios in a safe environment and learn appropriate responses.
5. Participation in conferences and workshops: Funding also covers the participation of local government employees in industry conferences and cybersecurity workshops. This is an excellent opportunity to exchange experiences and learn about the latest trends in digital security.
6. E-learning platform: As part of the program, a dedicated e-learning platform is being created, offering a wide range of online cybersecurity courses. This enables flexible and continuous upskilling of employees.
7. Mentoring and coaching: The program provides for the possibility of using the services of experts who serve as mentors for IT teams in local governments. This ensures continuous support and the ability to consult on complex security matters.
8. Creating communities of practice: The creation of networks of contacts between cybersecurity specialists from different local governments is supported. Regular meetings and forums for exchanging experiences are organized, which promotes mutual learning and the dissemination of good practices.
9. Internship and apprenticeship programs: The program encourages local governments to create internship and apprenticeship programs for students in cybersecurity-related fields. This is not only a way to acquire new talent, but also to build a long-term competency base.
10. Competency certification: Local governments can implement internal competency certification systems in the field of cybersecurity. This motivates employees to continuously develop and allows for an objective assessment of the skill level within the organization.

Thanks to these comprehensive activities, the Cyberbezpieczny Samorząd program not only raises the current level of competencies but also creates a culture of continuous learning and development in the area of cybersecurity. This is a key element in building long-term resilience to digital threats in local government units.

How does the program strengthen cybersecurity competencies?

The Cyberbezpieczny Samorząd program places great emphasis on strengthening the cybersecurity competencies of local government employees. This is a key element in building resilience to digital threats, because even the best technical solutions may prove ineffective without properly trained personnel. Here is how the program supports competency development:

1. Comprehensive employee training: The program finances a wide range of training, from basic cybersecurity awareness courses for all employees to advanced technical training for IT specialists. The goal is to raise the overall level of knowledge about cyber threats throughout the entire organization.
2. Specialized courses for IT teams: For IT department employees, advanced technical training is provided, covering topics such as network management, system security, malware analysis, or incident response. The program enables obtaining industry certifications such as CISSP, CEH, or CISM.
3. Awareness-building programs: Local governments can implement long-term cybersecurity awareness programs. These include regular information campaigns, newsletters, posters, or interactive workshops aimed at maintaining a high level of vigilance among employees.
4. Attack simulations and practical exercises: The program supports the organization of practical exercises, such as phishing simulations or penetration tests. This allows employees to experience real attack scenarios in a safe environment and learn appropriate responses.
5. Participation in conferences and workshops: Funding also covers the participation of local government employees in industry conferences and cybersecurity workshops. This is an excellent opportunity to exchange experiences and learn about the latest trends in digital security.
6. E-learning platform: As part of the program, a dedicated e-learning platform is being created, offering a wide range of online cybersecurity courses. This enables flexible and continuous upskilling of employees.
7. Mentoring and coaching: The program provides for the possibility of using the services of experts who serve as mentors for IT teams in local governments. This ensures continuous support and the ability to consult on complex security matters.
8. Creating communities of practice: The creation of networks of contacts between cybersecurity specialists from different local governments is supported. Regular meetings and forums for exchanging experiences are organized, which promotes mutual learning and the dissemination of good practices.
9. Internship and apprenticeship programs: The program encourages local governments to create internship and apprenticeship programs for students in cybersecurity-related fields. This is not only a way to acquire new talent, but also to build a long-term competency base.
10. Competency certification: Local governments can implement internal competency certification systems in the field of cybersecurity. This motivates employees to continuously develop and allows for an objective assessment of the skill level within the organization.

Thanks to these comprehensive activities, the Cyberbezpieczny Samorząd program not only raises the current level of competencies but also creates a culture of continuous learning and development in the area of cybersecurity. This is a key element in building long-term resilience to digital threats in local government units.

What technical solutions can be funded through the program?

The Cyberbezpieczny Samorząd program offers extensive possibilities for financing technical solutions aimed at strengthening the cybersecurity infrastructure in local government units. Here is a detailed overview of technical solutions that can be financed through the program:

1. Network protection systems:• Advanced next-generation firewalls (NGFW)• Intrusion detection and prevention systems (IDS/IPS)• Network segmentation and microsegmentation solutions• Network access control (NAC) systems
2. Malware protection:• Advanced antivirus and anti-malware systems• Endpoint protection solutions• Data loss prevention (DLP) systems• Behavioral analysis and anomaly detection tools
3. Email security:• Spam and phishing filtering systems• Email encryption solutions• Advanced threat protection (ATP) tools
4. Identity and access management:• Single sign-on (SSO) systems• Multi-factor authentication (MFA) solutions• Identity and access management (IAM) systems• Password management and privileged access management (PAM) tools
5. Data security:• Solutions for encrypting data at rest and in transit• Information classification and protection systems• Secure file sharing tools
6. Security monitoring and analysis:• Security information and event management (SIEM) systems• User behavior analytics (UBA) solutions• Log analysis and threat detection tools
7. Data backup and recovery:• Advanced data backup and archiving systems• Data replication and cloud backup solutions• Disaster recovery planning (DRP) systems
8. Application security:• Web application firewalls (WAF)• Application security testing tools• Vulnerability management systems
9. Mobile device security:• Mobile device management (MDM) solutions• Systems for secure access to corporate resources from mobile devices
10. Physical security infrastructure:• Server room access control systems• Video monitoring and surveillance solutions
11. Cloud security:• Tools for protecting data and applications in cloud environments• Systems for monitoring and managing cloud security
12. Incident response solutions:• Security orchestration, automation and response (SOAR) platforms• Digital forensics and cyber investigation tools

The program emphasizes the implementation of modern, proven solutions that are consistent with industry best practices and current security standards. Local governments have flexibility in selecting specific solutions that best meet their specific needs and challenges.

It is worth emphasizing that funding covers not only the purchase of hardware and software, but also implementation, configuration, and integration services. The program encourages a holistic approach, combining different solutions into a coherent cybersecurity ecosystem.

What does the grant application process look like?

The grant application process under the Cyberbezpieczny Samorząd program has been designed to be transparent and accessible to all eligible local government units. Here is a detailed description of this process:

1. Announcement of the call for applications: The Ministry of Digitization and CPPC publish an official announcement of the call for applications. A deadline for submitting applications is set, usually lasting from 30 to 60 days. Information about the call is widely disseminated through official communication channels, media, and local government organizations.
2. Preparation of the application: Local governments prepare applications in accordance with the program guidelines. This stage includes:• Conducting a preliminary analysis of cybersecurity needs and risks• Developing a detailed action plan and project budget• Gathering required documents and declarations• Consultations with experts and potential solution providers
3. Submission of applications: Applications are submitted electronically through a dedicated online portal. The system is available 24/7 during the application period, enabling flexible planning of work on the application. Attachment of all necessary documents, including declarations and technical annexes, is required.
4. Formal assessment: CPPC conducts a preliminary formal assessment of applications. The completeness of documentation and fulfillment of basic eligibility criteria are checked. In case of minor deficiencies, applicants have the opportunity to supplement the documentation within a specified period, usually 7-14 days.
5. Substantive assessment: Applications that have passed the formal assessment positively are subjected to a detailed substantive assessment. The assessment is carried out by a team of independent experts in the field of cybersecurity. Applications are evaluated according to pre-established criteria, using a point-based system.
6. Announcement of results: The ranking list of projects recommended for funding is published on the program’s website. Applicants are individually informed about the assessment results, receiving a detailed justification of the decision.
7. Appeal procedure: Local governments whose applications have not been qualified have the right to file an appeal within 14 days of receiving the decision. Appeals are reviewed by an independent commission within 30 days.
8. Signing of agreements: Grant agreements are signed with local governments whose projects have been qualified for funding. The agreements specify the detailed conditions for project implementation, including the schedule and budget.

The entire process, from the announcement of the call to the signing of agreements, usually takes from 3 to 6 months. The program offers support at every stage of the application process, including: • Webinars and information workshops before the start of the call • A helpline and technical support for using the electronic application submission system • Substantive consultations with program experts

It is worth emphasizing that the application process is designed to be as user-friendly as possible for local governments, taking into account their diverse needs and capabilities. The goal is to ensure equal opportunities for all eligible units, regardless of their size or experience in obtaining external funding.

What documents are required when submitting an application?

When submitting an application for funding under the Cyberbezpieczny Samorząd program, local government units must prepare and submit a number of documents. The list of required documents has been carefully developed to enable a comprehensive assessment of the project while minimizing the administrative burden on applicants. Here is a detailed list of required documents:

1. Funding application form: The main document containing detailed information about the project, including goals, scope of activities, schedule, and budget. The form is filled out electronically in a dedicated online system.

2. Cybersecurity diagnosis: A document presenting the current state of cybersecurity in the unit, identifying key gaps and threats. It should contain the results of conducted audits or security analyses.

3. Detailed project description: A document containing a detailed description of planned activities, justification for their selection, and expected results. It should refer to the program’s goals and demonstrate consistency with the cybersecurity diagnosis.

4. Project budget: A detailed statement of planned expenditures with their justification. The budget should be realistic and adequate to the planned activities.

5. Project implementation schedule: A document presenting the planned course of project implementation over time, taking into account key stages and milestones.

6. VAT eligibility declaration: A document confirming the applicant’s status regarding the possibility of recovering VAT within the project.

7. Declaration of no double financing: Confirmation that the planned activities are not and will not be financed from other public sources.

8. Resolution of the appropriate local government body: A document confirming consent to implement the project and secure own contribution (if required).

9. Documents confirming the applicant’s financial situation: Financial statements for the last budget year or other documents confirming the financial capacity to implement the project.

10. Declaration of having human resources: Confirmation that the applicant has an appropriate team to implement the project or plans to acquire one.

11. Project management plan: A document describing the project management structure, roles, and responsibilities of project team members.

12. Risk analysis: Identification of potential threats to project implementation along with mitigation plans.

13. Project sustainability plan: A description of activities aimed at ensuring the sustainability of project results after the end of its funding.

14. GDPR compliance declaration: A declaration of compliance of planned activities with personal data protection requirements.

15. Declaration of compliance with EU horizontal principles: Confirmation that the project is consistent with the principles of equal opportunities and non-discrimination as well as sustainable development.

16. Documents confirming partnership (if applicable): Partnership agreements or letters of intent in the case of projects implemented in partnership.

17. Cost estimates or offers for planned purchases: Preliminary cost estimates or supplier offers for key project elements, particularly in the case of large hardware investments.

18. Declaration of non-exclusion from the possibility of receiving funding: Confirmation that the applicant is not subject to exclusion from the possibility of receiving funding under applicable regulations.

It is worth emphasizing that all documents are submitted electronically through a dedicated system. The program offers detailed instructions and document templates to facilitate the application process. In case of doubt, applicants can take advantage of consultations with program experts.

The completeness and quality of the submitted documentation is of key importance for the assessment of the application. Therefore, it is recommended that local governments carefully familiarize themselves with the guidelines and devote an appropriate amount of time to preparing high-quality project documentation.

What are the application evaluation criteria?

The application evaluation criteria in the Cyberbezpieczny Samorząd program have been carefully developed to ensure an objective and comprehensive assessment of projects. They are designed to select initiatives that will best contribute to improving cybersecurity in local government units. Here is a detailed overview of the evaluation criteria:

1. Project comprehensiveness (0-20 points):• Assessment of whether the project covers all key areas: organizational, competency-related, and technical• Points awarded for a balanced approach to these three areas
2. Adequacy to needs (0-15 points):• Assessment of whether the project responds to the real cybersecurity needs and challenges of the given local government• Points for conducting a preliminary needs and risk analysis
3. Cost effectiveness (0-15 points):• Assessment of the relationship between the proposed activities and their cost• Points for projects offering the best quality-to-price ratio
4. Innovation and modernity of solutions (0-10 points):• Assessment of the degree of innovation of the proposed solutions• Points for implementing modern, proven technologies
5. Sustainability of results (0-10 points):• Assessment of whether the project guarantees long-lasting effects extending beyond the implementation period• Points for a plan to maintain and develop the implemented solutions
6. Implementation readiness (0-10 points):• Assessment of the project’s degree of readiness for implementation• Points for a clearly defined schedule and division of responsibilities
7. Project team competencies (0-5 points):• Assessment of the qualifications and experience of persons responsible for project implementation• Points for a team with documented experience in cybersecurity
8. Compliance with standards (0-5 points):• Assessment of the project’s compliance with applicable cybersecurity norms and standards• Points for compliance with ISO 27001, NIST, or other recognized standards
9. Cooperation and exchange of experience (0-5 points):• Assessment of whether the project envisages cooperation between local governments or the exchange of good practices• Points for initiatives supporting the building of communities of practice
10. Impact on local development (0-5 points):• Assessment of the potential impact of the project on the digital and economic development of the given region• Points for projects stimulating the local IT and cybersecurity market

Additional bonus criteria:

1. Comprehensive approach to personal data protection (+5 points):• Additional points for projects particularly focused on the protection of residents’ personal data
2. Innovative educational solutions (+5 points):• Rewarding projects introducing innovative training methods in the field of cybersecurity
3. Cooperation with the academic sector (+3 points):• Additional points for partnerships with universities or research institutes
4. Consideration of sustainable development aspects (+2 points):• Rewarding projects that take into account ecological aspects and energy-efficient solutions

Maximum number of points available: 115. Applications are evaluated by an independent team of experts, and each application is assessed by at least two evaluators. In the case of significant discrepancies in the assessment, a third expert is appointed.

It is worth emphasizing that these criteria are designed to select projects that will not only raise the level of cybersecurity but also contribute to the long-term development of competencies and infrastructure in local governments. The program encourages a comprehensive approach combining technical, organizational, and educational aspects.

How does project implementation proceed after receiving funding?

After receiving funding under the Cyberbezpieczny Samorząd program, project implementation follows strictly defined procedures and schedule. This process is designed to ensure the effective use of funds and the achievement of set goals. Here is a detailed description of the project implementation process:

1. Signing the funding agreement:• The local government signs an agreement specifying the conditions for project implementation, including the schedule, budget, and expected results• Detailed rules for project reporting and settlement are established
2. Establishing the project team:• Formal establishment of the team responsible for project implementation• Assignment of roles and responsibilities to individual team members
3. Project kick-off:• Organization of an inaugural meeting with the participation of key stakeholders• Discussion of goals, schedule, and expectations for the project
4. Implementation of project activities:• Implementing planned technical solutions• Conducting training and educational activities• Developing and implementing security policies and procedures
5. Monitoring and reporting:• Regular (usually quarterly) submission of progress reports• Monitoring project implementation indicators• Ongoing risk analysis and implementation of corrective actions
6. Controls and audits:• Periodic controls by the program management institution• Possible external audits verifying the correctness of project implementation
7. Change management:• If necessary, requesting changes to the project (e.g., modifications to the schedule or budget)• Obtaining approvals for significant changes from the management institution
8. Mid-term evaluation:• Conducting an assessment of project progress at the midpoint of the implementation period• Identification of areas requiring additional support or modification
9. Procurement and public tenders:• Implementation of public procurement procedures in accordance with applicable regulations• Documentation of procurement processes
10. Implementation of technical solutions:• Installation and configuration of purchased hardware and software• Testing and optimization of implemented solutions
11. Training and competency building:• Implementation of planned employee training• Assessment of training effectiveness and possible supplementary activities
12. Information and promotional activities:• Informing about project implementation in accordance with program guidelines• Promotion of project activities and achievements among residents and other stakeholders
13. Final evaluation:• Comprehensive assessment of project results• Comparison of achieved results with set goals
14. Final reporting:• Preparation and submission of the final project implementation report• Financial settlement of the project
15. Ensuring sustainability:• Implementation of activities aimed at maintaining project results after the end of funding• Monitoring of sustainability indicators for the period specified in the agreement (usually 5 years)

The entire project implementation process is closely monitored by the program management institution. Local governments can count on substantive and technical support from program experts at every stage of implementation.

Key to the success of the project is a flexible approach to management, the ability to adapt to changing conditions, and close cooperation of all involved parties. Implementing a project under the Cyberbezpieczny Samorząd program is not only about deploying specific solutions but also a process of building a lasting cybersecurity culture in local government units.

What are the local government’s obligations during project implementation?

Local governments implementing projects under the Cyberbezpieczny Samorząd program have a number of obligations that must be fulfilled during project implementation. These obligations are designed to ensure the proper implementation of the project, effective use of public funds, and achievement of intended results. Here is a detailed overview of the local government’s obligations:

1. Implementation in accordance with the agreement:• Strict adherence to the terms of the funding agreement• Implementation of the project in accordance with the approved schedule and budget

2. Project management:• Establishing and maintaining the project team• Regular team meetings and monitoring of work progress

3. Reporting:• Submission of periodic progress reports (usually quarterly)• Preparation and submission of the final report after project completion

4. Monitoring of indicators:• Ongoing monitoring of project implementation indicators• Documentation of achieved results

5. Financial management:• Maintaining separate accounting records for the project• Compliance with expenditure eligibility rules

6. Public procurement:• Conducting public procurement procedures in accordance with applicable regulations• Documentation of procurement processes

7. Documentation archiving:• Retention of complete project documentation for the period specified in the agreement (usually 5 years after project completion)

8. Ensuring sustainability:• Maintaining project results for the sustainability period (usually 5 years after completion)• Regular reporting during the sustainability period

9. Cooperation with the management institution:• Ongoing communication with the project supervisor from the management institution• Immediate notification of any problems or delays in project implementation

10. Participation in controls and audits:• Enabling on-site controls at the project implementation location• Preparation and provision of documentation for the purposes of controls and audits

11. Risk management:• Ongoing identification and analysis of project risks• Implementation of measures to mitigate identified risks

12. Information and promotion:• Implementation of information and promotional activities in accordance with program guidelines• Labeling of purchased fixed assets and promotional materials

13. Project evaluation:• Conducting mid-term and final project evaluations• Implementation of recommendations resulting from evaluations

14. Training and competency development:• Organization and delivery of planned employee training• Monitoring training effectiveness and implementing supplementary activities

15. Cooperation with partners:• In the case of partnership projects, coordination of activities and communication between partners• Regular meetings and information exchange with project partners

16. Change management:• Identification of needs for changes in the project• Preparation and submission of change requests to the management institution

17. Personal data protection:• Ensuring compliance with GDPR and other personal data protection regulations• Implementation of appropriate procedures and safeguards for processed data

18. Documenting progress:• Maintaining detailed photographic and descriptive documentation of implemented activities• Creating and updating technical documentation of implemented solutions

19. Participation in training and workshops:• Participation in training and workshops organized by the management institution• Sharing experiences and good practices with other program beneficiaries

20. Ensuring accessibility:• Implementing solutions compliant with digital accessibility principles• Taking into account the needs of persons with disabilities in implemented activities

21. Incident reporting:• Immediate notification of any security incidents related to project implementation• Implementation of corrective and preventive measures after incidents occur

22. Cooperation with external experts:• Enabling independent security audits to be conducted• Implementation of recommendations resulting from audits and expert opinions

Fulfilling these obligations requires a systematic approach and the engagement of the entire project team. It is key to continuously monitor progress and quickly respond to emerging challenges. Local governments should treat these obligations not only as formal requirements but as tools supporting the effective implementation of the project and achieving lasting improvement in the area of cybersecurity.

How does the settlement of program funds work?

The settlement of funds from the Cyberbezpieczny Samorząd program is a process that requires accuracy, transparency, and compliance with specified procedures. Here is a detailed description of how the settlement of funds works:

1. Maintaining separate accounting records:• The local government must maintain separate accounting records for the project• All expenditures related to the project must be clearly separated
2. Expenditure eligibility:• Only expenditures consistent with the approved budget and program guidelines are eligible• Expenditures must be incurred during the project implementation period specified in the agreement
3. Expenditure documentation:• Each expenditure must be supported by appropriate documents (invoices, bills, contracts)• Documents must be described in accordance with program guidelines, indicating the connection to the project
4. Payment requests:• The local government submits periodic payment requests (usually quarterly)• Requests contain a statement of incurred expenditures along with copies of supporting documents
5. Request verification:• The management institution verifies submitted payment requests• Compliance of expenditures with the budget, eligibility, and completeness of documentation are checked
6. Expenditure reimbursement:• After positive verification, funds are transferred to the local government’s account• Reimbursement usually occurs within 30-60 days of request approval
7. Advance payments:• In some cases, the local government may receive an advance payment for project implementation• Advances must be settled within specified deadlines
8. Financial controls:• The management institution may conduct on-site financial controls at the project implementation location• Controls may include verification of original documents and physical inspection of purchased fixed assets
9. Financial corrections:• In the event of irregularities being detected, financial corrections may be imposed• The local government may be required to return ineligible expenditures
10. Reporting savings:• The local government is obligated to report any savings that arise during project implementation• Unused funds must be returned or, with the consent of the management institution, allocated to additional activities within the project
11. Final settlement:• After project completion, the local government submits a final payment request• The request contains a summary of all expenditures and achieved results
12. External audit:• For projects exceeding a specified threshold (usually PLN 1 million), an external audit is required• The audit must be conducted by an independent auditor
13. Archiving of financial documentation:• The local government is obligated to retain complete financial project documentation for the period specified in the agreement (usually 5 years after project completion)
14. Financial sustainability:• The local government must demonstrate the ability to maintain project results after the end of funding• Financial controls may be conducted during the sustainability period
15. Tax reporting:• The local government must account for received funds in its tax reporting• Compliance with VAT regulations in the context of the project is necessary

The settlement of funds from the Cyberbezpieczny Samorząd program requires a systematic approach and close cooperation between the finance department and the project team. It is key to continuously monitor expenditures and their compliance with the budget, as well as to quickly respond to any deviations. Proper settlement of the project not only ensures compliance with program requirements but also builds the credibility of the local government as a beneficiary of public funds.

What support do the program organizers offer to local governments?

The organizers of the Cyberbezpieczny Samorząd program offer comprehensive support for local government units at every stage of project implementation. This support is intended to ensure the effective implementation of cybersecurity initiatives and maximize the benefits of the program. Here is a detailed overview of the offered support:

1. Information support:• A dedicated website with current program information• Regular newsletters with updates and tips• A helpline for program beneficiaries
2. Training and workshops:• A series of training courses preparing for applying for funds• Workshops on cybersecurity project management• Specialized technical training for local government IT teams
3. Expert advisory:• Consultations with cybersecurity experts• Assistance in identifying key needs and priorities in the field of security• Support in selecting optimal technical solutions
4. Assistance in preparing applications:• Workshops on writing funding applications• Individual consultations regarding the preparation of project documentation• Provision of document templates and forms
5. Support in project implementation:• Assignment of a project supervisor from the management institution• Regular meetings monitoring implementation progress• Assistance in solving ongoing problems
6. Experience-sharing platform:• Organization of conferences and forums for program beneficiaries• Facilitation of the exchange of good practices between local governments• Creating communities of cybersecurity practitioners in local governments
7. Technical support:• Access to a cybersecurity knowledge base• Assistance in configuring and optimizing implemented solutions• Support in the event of security incidents
8. Security audits and assessments:• The possibility of conducting independent security audits• Support in interpreting audit results and implementing recommendations• Periodic cybersecurity maturity assessments
9. Legal support:• Consultations on compliance with cybersecurity regulations• Assistance in developing internal security policies and procedures• Advisory on GDPR-related matters
10. Educational materials:• Provision of comprehensive training materials• Development of guides and handbooks on cybersecurity• Access to a library of case studies and best practices
11. Support in promotional activities:• Assistance in preparing project information materials• Provision of templates and guidelines for promotion• The possibility of presenting projects at industry events
12. Project management tools:• Provision of a dedicated project management system• Training on using project tools• Technical support in using reporting systems
13. Mentoring and coaching:• A mentoring program connecting experienced local governments with newcomers• Individual coaching for cybersecurity project leaders• Support in developing leadership competencies in the context of cybersecurity
14. Incident Response Center:• Access to specialized support in the event of security incidents• Assistance in threat analysis and mitigation• Provision of security monitoring and analysis tools
15. Evaluation and feedback:• Regular beneficiary satisfaction surveys• The possibility of submitting suggestions and proposals for program improvements• Individual feedback sessions for project teams

The offered support is comprehensive in nature and is tailored to the diverse needs of local governments. The goal is not only to ensure the effective implementation of projects but also to build lasting competencies in the field of cybersecurity in local government units. Thanks to this support, even smaller and less experienced local governments have the opportunity to effectively implement advanced cybersecurity solutions.

How does the Cyberbezpieczny Samorząd program fit into the broader national cybersecurity strategy?

The Cyberbezpieczny Samorząd program is an integral part of Poland’s broader cybersecurity strategy, fitting into the key priorities and goals defined at the national level. Here is how this program connects with the overall strategy:

1. Implementation of Poland’s Cybersecurity Strategy: The program directly implements the goals contained in Poland’s Cybersecurity Strategy for 2019-2024, particularly in the area of strengthening the resilience of public administration information systems. It contributes to achieving the strategic goal of raising the level of resilience to cyber threats and increasing the level of information protection in the public sector.

2. Strengthening the national cybersecurity system: Cyberbezpieczny Samorząd is a key element in building a comprehensive cyberspace protection system for Poland. By strengthening security at the local level, the program contributes to an overall increase in the country’s cybersecurity level. Local governments, as an important link in public administration, become more resilient to attacks, which translates into increased security of the entire system.

3. Developing competencies in the area of cybersecurity: The program fits into the strategic goal of developing personnel and increasing social awareness in the field of cybersecurity. Through training and building competencies of local government employees, the program contributes to creating a broad base of cybersecurity specialists throughout the entire country.

4. Cross-sector cooperation: Cyberbezpieczny Samorząd promotes cooperation between the public and private sectors, which is one of the priorities of the national cybersecurity strategy. The program encourages partnerships with local IT companies and scientific institutions, thereby supporting the development of the Polish cybersecurity sector.

5. Critical infrastructure protection: Many local governments manage elements of critical infrastructure at the local level. The program contributes to better protection of these resources, which is a key element of the national cybersecurity strategy.

6. Standardization and harmonization of procedures: By implementing uniform standards and procedures in local governments, the program supports the strategic goal of unifying the approach to cybersecurity in public administration at all levels.

7. Supporting digital transformation: The Cyberbezpieczny Samorząd program is closely linked to the broader national digitization strategy. By supporting the secure digitization of public services at the local level, the program contributes to the realization of the goals of the Integrated State Informatization Program.

8. Fulfilling international obligations: The program supports the fulfillment of Poland’s obligations arising from EU and NATO membership in the field of cybersecurity, including the implementation of the NIS Directive at the local level.

9. Building resilience to hybrid threats: By strengthening the cybersecurity of local governments, the program contributes to increasing the country’s resilience to hybrid threats, which is one of the priorities of the national security strategy.

10. Stimulating innovation: The program encourages the implementation of innovative solutions in the area of cybersecurity, thereby supporting the strategic goal of developing Polish technologies in this field.

11. Strengthening personal data protection: By improving the security of local government information systems, the program contributes to better protection of citizens’ personal data, which is a key element of the national privacy protection strategy.

12. Regional development: The program supports the even development of cybersecurity competencies and infrastructure throughout the country, which fits into the broader strategy of sustainable regional development.

13. Building a cybersecurity culture: Through educational and informational activities, the program contributes to building a cybersecurity culture among public administration employees and citizens, which is one of the long-term goals of the national strategy.

14. Strengthening e-government: The program supports the secure development of e-services at the local government level, which is consistent with the national strategy for the development of e-government and digitization of public services.

15. Preparing for future challenges: By building flexible and adaptive cybersecurity systems, the program prepares local governments and the entire country for future challenges in the area of digital security.

In summary, the Cyberbezpieczny Samorząd program is a key element in the implementation of Poland’s broader cybersecurity strategy. By strengthening security at the local level, the program contributes to building a comprehensive cyberspace protection system for the country, developing competencies, stimulating innovation, and fulfilling international obligations. It represents a practical implementation of strategic assumptions at the local government level, which is essential for the effective digital protection of the state’s infrastructure.

Develop Your Skills

This article is related to the training Cyber security for employees of Local Government Units (LGUs). Check the program and sign up to develop your skills with EITT experts.

Read also

• How Does the Cybersecure Local Government Program Work? Goals, Amounts, and Evaluation Criteria
• What is Cybersecure Local Government? Definition, Goals, and Process
• AI in cyber security: how does artificial intelligence help detect threats, automate defense and protect your business?

Frequently Asked Questions

What is the Cyberbezpieczny Samorzad program and who funds it?

Cyberbezpieczny Samorzad is a national program funded by the Polish government to strengthen cybersecurity in local government units. It provides grants for security audits, IT infrastructure improvements, employee training, and the implementation of information security management systems aligned with national regulations.

What is the maximum funding amount available under the program?

Funding amounts vary depending on the size and type of local government unit, with grants typically covering a significant portion of cybersecurity improvement costs. Specific amounts and evaluation criteria are defined in each call for proposals, and applicants must demonstrate how the funds will address identified security gaps.

What steps must a local government take to participate in the program?

Participation typically involves conducting an initial cybersecurity audit, identifying gaps and vulnerabilities, preparing a detailed improvement plan, and submitting a grant application with a defined scope and budget. Successful applicants then implement the improvements and undergo verification to confirm compliance with program requirements.

How does the Cyberbezpieczny Samorzad program relate to broader EU cybersecurity directives?

The program aligns with European cybersecurity frameworks, including the NIS2 Directive, by helping local governments meet baseline security requirements. It supports Poland’s national cybersecurity strategy and ensures that public sector entities have the resources and knowledge to protect citizens’ data and critical infrastructure.