We will show you how to achieve compliance with the relevant regulations efficiently and secure your corporate environment. Together, we will set up processes that protect your data and your company’s reputation.

Common Challenges Our Clients Have Faced – And We’ve Helped Solve

• How to navigate IT and security regulations and standards
• How to implement regulatory requirements as simply as possible
• How to manage the risks and security of your suppliers
• How to secure the capacity to achieve compliance with regulations
• Which regulations apply to you and to what extent
• How to successfully pass IT and IT security audits
• How to secure data
• How to address the most significant risks associated with IT and cyber security
• How to implement new technologies and innovations in the context of numerous regulations


How We Help

Verification of Compliance of Internal Processes and Policies with Regulatory Requirements

• Regulations such as the Act and Decree on Cybersecurity (ZoKB), DORA, GDPR, CRA and Czech National Bank (CNB) decrees, and recognised frameworks and standards – ISO 27000, COBIT, ITIL

GAP Analysis and Independent Audit

• According to regulatory requirements, including prioritised recommendations and risk ratings in individual areas

Consolidation of Controls and Security Requirements across Relevant Regulations

Risk Analysis in IT and Information Security


      References

      Internal IT Audit under the Act on Cybersecurity

      We designed an audit plan in accordance with the Cybersecurity Act (ZoKB) and mapped it to the company’s internally defined risks. Based on meetings with company representatives and documentation review, we assessed compliance with the individual sections and articles of the Act. We assigned severity and recommendations to each non-compliance, including a timeframe and priority. All findings and recommendations were discussed with the Internal Audit function and the auditees.

      GAP Analysis under the DORA Regulation (including the relevant RTS)

      We mapped the requirements of the DORA Regulation in detail, including the relevant Regulatory Technical Standards (RTS), and divided them into logical units and areas of the client’s internal controls. Through interviews with selected employees and a review of documentation, we described the current state and compared it with the state required by the regulation. For the identified gaps, we set priorities and an action plan, and we also calculated maturity across the five basic DORA domains.

      Assessment of the Maturity of Selected IT Processes under the COBIT Framework

      Using COBIT’s maturity model, we assessed selected IT processes. After discussion and a presentation to the company’s management, we defined the steps needed for the company to reach the desired level of maturity in the selected priority processes.

      SOX IT Audit

      In meetings with selected company representatives, we went through individual (business) processes and identified automatic and semi-automatic controls already in operation. We proposed additional controls that the client should implement or optimise to better achieve control objectives. Within the defined systems, we tested general IT controls and the completeness/reliability of selected key reports produced by the systems and used by management in decision-making.


      Radek Koudela

      Director, Advisory – Risk & Finance

      KPMG in the Czech Republic