Tomáš Kubíček
IT audit is a highly specialised field. We use information and communication technologies in all areas of company activity. In addition, for a proper IT assessment it is necessary to assess the organisation at all levels: technical, organisational and process. The wide range of areas that need to be assessed during an IT audit is matched by the wide range of legislation, norms and other standards against which it is possible or necessary to perform an IT audit.
On the one hand, we analyse our clients' IT environment within the audits of annual financial statements, in terms of regularity, profitability and growing requirements of the authorities. At the same time, we also assess business processes in IT and check for system vulnerabilities. Our services also include physical and organisational security inspections and security policy consulting.
We perform IT audits in accordance with various norms and standards, for example: information security management system (ISO/IEC 27000), IT services management system (ISO/IEC 20000), principles for personal data protection (Act No. 101/2000 Coll.), principles for IT Governance (CobiT), principles for specific systems and technologies (OWASP, OSSTMM, recommendations of NIST, SANS and others).
- Information Security Management System (ISMS) audit
- IT Service Management System (ITSM) audit
- Personal Data Protection (GDPR) audit
- Audits in the banking environment
- Technical audits assessing the state of IT
- Verification of third-party services (SOC, ISAE)
- IT economy audit