An IT security audit is a set of activities that gives your company or institution an objective and independent assessment of how it functions in terms of meeting the legal obligation to protect personal data and the standards related to reliability, accountability, availability and data integrity.
The IT security audit consists of a methodical, comprehensive survey that identifies potential weaknesses and proposes actions to improve the effectiveness of information security management processes.
Depending on the client's needs, we offer verification activities in the field of personal data protection and information security.
Regarding the protection of personal data, we will verify:
- conformity of data processing procedures with UODO
- whether all data sets have been registered with GIODO
- whether ADO, ABI and ASI have been properly identified
- storage and data destruction procedures
- regulations and agreements regarding the processing / entrusting of personal data
- information activities on ADO
In the area of information security, we will verify:
- compliance of current activities with the ISO 27001 standard
- quality of information security management system
- software legality
- correct configuration of devices and IT systems
- physical and software security of the IT system
- the vulnerability of IT infrastructure to internal and external attacks
- security procedures and policies
- the policy of executing and managing backups
- staff knowledge and scope of training
Each security audit results in a report containing a set of recommendations for the organization for which the audit was commissioned. Additionally, a risk analysis, as well as a schedule and a cost estimate for modernizing the IT infrastructure to improve information security, may be prepared.
As part of the post-audit work, we can offer:
- implementation of recommendations indicated after the audit (reconfiguration and delivery of systems)
- creation / improvement of information security management system
- preparation of necessary documents for GIODO
- training of employees in the field of information security
- implementation of standards in accordance with ISO 27001 and ISO 9001
- performing the ABI function
- creating a security policy
- creating a backup management system
- control of the costs of IT services
For years we have employed and cooperated with very experienced information security auditors and IT system administrators, which allows us to provide services at the highest level. During the year, our auditors carry out more than 50 information security audits in private enterprises as well as state institutions, including hospitals and health care facilities.
We are qualified in the following fields:
- Leading auditor in the field of the Information Security Management System according to ISO 27001:2013 (international exam with IRCA license)
- Leading auditor in the field of Environmental Management System according to ISO 14001:2015 (international exam with IRCA license)
- Internal Auditor ISO 9001:2009, ISO 14001, ISO 18001
- Information Security Administrator Certificate
- Public Procurement Certificate in IT activity
Securing IT organizations and systems should not be treated as a one-off undertaking, but as a process that should be modified along with emerging changes in the internal and external environment of our organization.