IT Audit

Verify that the IT processes in your organization are managed according to standards and best practices. 
We conduct IT audits in accordance with ISO 27001, which is required for compliance with the Act on Cybersecurity.
The audit serves for the review and certification of IT, especially for larger companies and public administration organizations.

 

Entrepreneurs, afraid of an audit? We can offer an informal IT analysis tailored exactly to your needs.

What can an IT audit answer?

  • Whether the strategy and IT management are defined
  • Whether your organization is ready for certification of IT systems
  • Whether the key systems are adequately described in the catalog of IT services or other documentation
  • Whether business continuity is ensured in the event of a disaster or other unplanned IT downtime
  • Whether there is a backup plan
  • How IT requirements are processed
  • Whether there are security guidelines for IT

Content of service

Documentation in accordance with ISO 27001:

  • Formulation of information security policy
    Sets the direction and expresses management's support for IT security.

  • Organization of information security
    The IT audit establishes an Information Security Management System within the organization, including when mobile devices are used.

  • Human resources security
    Employees and contracting parties will know their responsibilities in maintaining information security. Suitable candidates will be selected for each position. The organization's interests will be protected during changes to, and even after the end of, their employment.

  • Asset management
    Identify assets and define responsibility for their adequate protection. Ensure the protection of information at a level corresponding to its importance.

  • Access control
    Set the rules and responsibilities of user access to information, systems and applications.

  • Cryptography
    Ensure the effective use of cryptographic methods (encryption) to protect information.

  • Physical and environmental security
    Implement preventive measures against unauthorized access to information or equipment, and against loss, damage, theft or compromise of assets or disruption of the organization.

  • Operations security
    The audit provides operational procedures and responsibilities for backup, monitoring, logging, malware protection, etc.

  • Communications security
    Ensures the security of data in computer networks and during its transfer outside the organization. Assesses the risk of data leaks.

  • Acquisition, development and maintenance of systems
    Ensure the security of information within information systems, including application development.

  • Supplier relationships
    The IT audit ensures the protection of assets accessed by suppliers. It sets rules for monitoring, reviewing and change management of supplier services.

  • Information security incident management
    Ensure an effective procedure for managing security incidents, strengthening weak spots, etc.

  • Business continuity management in terms of data security
    It ensures business continuity in case of emergency.

  • Compliance with requirements
    The audit ensures compliance of all activities with laws, standards, regulations or treaties. Data security will be implemented and operated in accordance with the organization's security policy (independent review, periodic review of compliance).

Audit outputs

  • Basic information on the compliance of IT management with the ISO 27001 standard

  • Readiness of the organization for IT systems certification (under the Act on Cybersecurity)

  • Description of risks arising from inadequate or missing documentation

  • Recommendations for corrective actions with priorities and time and cost estimates

Service standards

We carry out the audit in accordance with ISO 27001. We always conduct it with a focus on the details that are most important for you.

The risks of neglecting an audit

  • Legal sanctions

    Conducting an audit in accordance with ISO 27001 is an essential condition for compliance with the Act on Cybersecurity.

  • Inadequate technology and prices

    The audit determines whether and how assets are defined and classified, and that the technologies in use are not overpriced or underpowered, or vice versa. It is a strong argument in defense of the efficient and transparent management of the organization.

Price of the service

The cost of the audit is determined by the size of the organization and the required level of audit detail. You will receive a detailed price quote once your requirements have been mapped, before the work itself begins.

Why IT audit with us

  • Our main goal is not the audit itself, but increasing the efficiency and security of your IT.

  • We have 6 years of experience with security, penetration, process and performance audits for major clients.

  • The audit is performed by experienced, discreet and vetted staff with a corporate career of at least 7 years.

Guarantees

  • Final price and a deadline for completion of the audit will be known before signing a contract.

  • Our company has ISO 27001 certification by the NSA and holds no. 001683 Confidential (formation) and no. 001809 Secret (familiarization).

Frequently asked questions

  • How often and when is it appropriate to do an audit?

    An overall audit is appropriate once every two years. In the meantime, we recommend at least one more detailed audit focused on a particular area. An audit should also be performed whenever the organization has undergone personnel changes or a reorganization.

  • Can an IT audit be just a waste of money?

    The audit is not a formal goal but a tool for optimizing costs and investments directed to IT. A properly completed audit always finds opportunities for better management, so it saves more money than it costs. For management, the audit report is a key document that demonstrates the correctness of their actions.

  • We are afraid that the audit will be biased.

    The audit is by definition impartial. The implementing directive is freely available.

How to start?

Contact us. At the beginning, we will want a brief characterization of your organization and a description of the reasons that lead you to the audit. We will talk with you and suggest the audit scenario that will suit you best. You will always know what is happening and what will happen next.