
COMPLIANCE AUDITS

IT security is not only about penetration testing. Our best-trained cybersecurity engineers can also carry out thorough compliance audits, and the implementations that follow from them, for you.

AUDITS & IMPLEMENTATIONS

INFORMATION SECURITY MANAGEMENT SYSTEMS ACC. TO ISO/IEC 27001

The best solution for ensuring information integrity, confidentiality, and availability is the Information Security Management System standard consistent with ISO/IEC 27001.

At a client's request, STM Cyber performs an assessment of the level of preparedness for the implementation of ISMS in accordance with ISO/IEC 27001:2013 standard, including a periodic verification of the existing information security management system in terms of its compliance with the requirements of the ISO/IEC 27001:2013 standard.

The client receives a report which defines the level of ISMS conformity with the requirements, the identified vulnerabilities, and recommended corrective measures.

As part of ISMS implementation, our specialized team is ready to support your organization with:

  • A set of documents realizing the ISO/IEC 27001:2013 standard requirements

  • Personnel training

  • Support in implementation activities (internal audits, management reviews).

AUDIT OF NATIONAL INTEROPERABILITY FRAMEWORKS

This service is addressed to entities performing public tasks. It consists of verifying the implementation of the information security management system (ISMS) and assessing its compliance with the requirements of the Council of Ministers' Ordinance on the National Interoperability Frameworks.

The obligation to perform periodic audits arises from section 20, item 2, point 14 of the Council of Ministers' Ordinance of April 12, 2012, on the National Interoperability Frameworks (Journal of Laws 2016, item 113).

The client receives a report which defines the level of ISMS conformity with the requirements, the identified vulnerabilities, and recommended corrective measures.

The implementation service consists of developing a set of rules and procedures that together form an Information Security Policy within the scope required by the Ordinance of the Council of Ministers of April 12, 2012, on the National Interoperability Frameworks (Journal of Laws 2016, item 113).

The client receives a set of documents fulfilling the requirements defined in section 20 of the ordinance.

COMPLIANCE WITH GDPR

GDPR, Regulation (EU) 2016/679 of the European Parliament and of the Council on Personal Data Protection (the General Data Protection Regulation), has been in force since May 25, 2018 in all European Union member states.

It is a set of rules for the protection of individuals in relation to the processing of personal data and its flow. It defines what rights consumers have and what obligations entrepreneurs have in the context of the personal data they process, and how this data should be handled.

The purpose of the GDPR audit is to verify the compliance of processes, documentation, and systems with the regulation. The product of the audit is a detailed report containing information on the degree of compliance with the requirements of the regulation.

COMPLIANCE WITH THE REQUIREMENTS OF THE NATIONAL CYBERSECURITY SYSTEM

AUDIT OF COMPLIANCE AND ADJUSTING TO THE REQUIREMENTS

This service is a compliance audit and adjustment (implementation) to the requirements of the National Cybersecurity System, established by the Act on the National Cybersecurity System (ANCS) passed on July 5, 2018 (Journal of Laws 2018, item 1560).

The ANCS act regulates the legal aspects needed to implement the EU's so-called NIS Directive and to create a national IT security system.

The system covers operators of essential services in sectors including energy, transport and health.

Operators of essential services must meet a number of requirements and perform the tasks arising from the ANCS and the legal acts related to it.

Based on years of professional experience, STM Cyber ensures comprehensive support in preparing your organization to implement the NIS Directive and meet the Act on National Cybersecurity System requirements.

