We conduct IT audits in accordance with ISO 27001, as compliance with the Act on Cybersecurity requires.
The audit serves for the review and certification of IT, especially for larger companies and public administration organizations.
Entrepreneurs, afraid of an audit? We can offer an informal IT analysis tailored exactly to your needs.
What can an IT audit answer?
- Whether the IT management strategy is defined
- Whether your organization is ready for certification of IT systems
- Whether the key systems are adequately described in the catalog of IT services or other documentation
- Whether business continuity is ensured in the event of a disaster or other unplanned IT downtime
- Whether there is a backup plan
- How IT requirements are processed
- Whether there are security guidelines for IT
Content of service
Documentation in accordance with ISO 27001:
Formulation of information security policy
Management determines the direction of IT security and expresses its support for it.
Organization of information security
The IT audit sets up an Information Security Management System within the organization, including for the use of mobile devices.
Human resources security
Employees and contracting parties will know their responsibilities for maintaining information security. Suitable candidates will be selected for each position. The organization's interests will be protected during changes of employment and even after employment ends.
Identify assets and define responsibility for their adequate protection. Ensure that information is protected at a level corresponding to its importance.
Set the rules and responsibilities for user access to information, systems and applications.
Ensure the effective use of cryptographic methods (encryption) to protect information.
Physical and environmental security
Implement preventive measures against unauthorized access to information or equipment, against loss, damage, theft or compromise of assets, and against disruption of the organization.
The audit sets out operational procedures and responsibilities for backup, monitoring, logging, malware protection, etc.
It ensures the security of data in computer networks and during transfer outside the organization, and assesses the risk of data leaks.
The acquisition, development and maintenance of systems
Ensure the security of information within information systems, including application development.
The IT audit ensures the protection of assets accessed by suppliers. It sets rules for monitoring, reviewing and managing changes to supplier services.
Information security incident management
Ensure an effective procedure for managing security incidents, strengthening weak spots, etc.
Business continuity management in terms of data security
It ensures business continuity in case of emergency.
Compliance with requirements
The audit ensures compliance of all activities with laws, standards, regulations or treaties. Data security will be implemented and operated in accordance with the organization's security policy (independent review, periodic review of compliance).
Basic information on compliance of IT management and ISO 27001 standard
Readiness of the organization for IT systems certification (under the Act on Cybersecurity)
Description of risks arising from inadequate or missing documentation
Recommendations for corrective actions with the priorities, time and cost estimates
We carry out the audit in compliance with ISO 27001. We always steer it to focus on the details that are most important to you.
The risks of neglecting an audit
- Legal sanctions
Conducting an audit in accordance with ISO 27001 is an essential condition for the fulfillment of the law on cyber security.
- Inadequate technology and prices
The audit determines whether and how assets are defined and classified, and verifies that the technologies in use are not overpriced or underpowered, or vice versa. It is a strong argument in defense of the efficient and transparent management of the organization.
The cost of the audit is determined by the size of the organization and the required level of detail of the audit. You will receive a detailed price quote once the requirements have been mapped, before the work itself begins.
Why IT audit with us
Our main goal is not the audit itself, but increasing the efficiency and security of your IT.
We have 6 years of experience with security, penetration, process and performance audits for major clients.
The audit is performed by experienced, discreet and screened staff with a corporate career of at least 7 years.
The final price and the deadline for completion of the audit will be known before the contract is signed.
Our company has ISO 27001 certification by the NSA and holds no. 001683 Confidential (formation) and no. 001809 Secret (familiarization).
- How often and when is it appropriate to do an audit?
An overall audit is appropriate once every two years. In the meantime, we recommend at least one more detailed audit focused on a specific part of the subject area. An audit should also be performed whenever the organization undergoes personnel changes or a reorganization.
- Can an IT audit be just a waste of money?
The audit is not a formal goal, but a tool for optimizing costs and investments in IT. A properly completed audit always finds opportunities for better management, so it saves more money than it costs. For management, the audit report is a key document that demonstrates the correctness of their actions.
- We are afraid that the audit will be biased.
The audit is by definition disinterested. The implementing directive is freely available.
How to start?
Contact us. To begin with, we will want a brief characterization of your organization and a description of the reasons that lead you to the audit. We will talk with you and suggest the audit scenario that will suit you best. You will always know what is happening and what will happen next.