COMPLIANCE AUDITS

IT security is not only about penetration testing. The scope of work of the best-trained cybersecurity engineers can carry out thorough compliance audits and their implementations for you.

AUDITS & IMPLEMENTATIONS

INFORMATION SECURITY MANAGEMENT SYSTEMS ACC. TO ISO/IEC 27001

The best solution for ensuring information integrity, confidentiality, and availability is the Information Security Management System standard consistent with ISO/IEC 27001.

At a client's request, STM Cyber performs an assessment of the level of preparedness for the implementation of ISMS in accordance with ISO/IEC 27001:2013 standard, including a periodic verification of the existing information security management system in terms of its compliance with the requirements of the ISO/IEC 27001:2013 standard.

The client receives a report which defines the level of ISMS conformity with the requirements, the identified vulnerabilities, and recommended corrective measures.

As part of ISMS implementation, our specialized team is ready to support your organization with:

A set of documents realizing the ISO/IEC 27001:2013 standard requirements
Personnel training
Support in implementation activities (internal audits, management reviews).

AUDIT OF NATIONAL INTEROPERABILITY FRAMEWORKS

This service is addressed to entities performing public tasks. It consists in verifying the implementation and assessing the compliance of the information security management systems (ISMS) with the requirements of the Council of Ministers for the National Interoperability Frameworks.

The obligation of performing periodic audits results from section 20, item 2, pt. 14 of the Council of Ministers' Ordinance from April 12, 2012, on the National Interoperability Frameworks (Journal of Laws 2016, item 113).

The client receives a report which defines the level of ISMS conformity with the requirements, the identified vulnerabilities, and recommended corrective measures.

This service consists in developing a set of rules and procedures that together form an Information Security Policy within the scope required by the Ordinance of the Council of Ministers from April 12, 2012, on the National Interoperability Frameworks (Journal of Laws 2016, item 113).

The client receives a set of documents fulfilling the requirements defined in section 20 of the ordinance.

GDPR AUDIT OF COMPLIANCE

AND ADJUSTING TO THE REQUIREMENTS

General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and the Council) All member states of the European Union came into effect on May 25, 2018.

It lays down rules relating to the protection of natural persons concerning the processing of personal data and the free movement of personal data. The Regulation defines the rights of the consumers, the obligations of service providers in the context of personal processing data, and how it shall be handled.

A GDPR audit aims to verify the compliance of processes, systems, and documentation with the Regulation. Audit findings are presented in a detailed report containing information on the degree of compliance with the requirements outlined in the Regulation.

AUDIT

IN COMPLIANCE WITH

THE ACT ON THE NATIONAL CYBERSECURITY SYSTEM

AUDIT

OF COMPLIANCE WITH

RECOMMENDATION D

A compliance audit and adjusting to the requirements (implementation) of the National Cybersecurity System (the Act on the National Cybersecurity System (ANCS) passed on July 5, 2018 - Journal of Laws 2018.1560).

The ANCS act aims to regulate some legal aspects in order to enable the implementation of the so-called NIS Directive of the EU and the creation of a national IT security system.

The system covers operators handling key services in, among others, the energy, transport, and medicine sectors.

The key services operators must comply with several requirements and perform the tasks ensuing from legal acts related to the ANCS.

Based on years of professional experience, STM Cyber ensures comprehensive support in preparing your organization to implement the NIS Directive and meet the Act on National Cybersecurity System requirements.

This service is dedicated mainly to cooperative banks to verify their compliance in managing IT areas and ICT security with the requirements laid down in Recommendation D of the Financial Supervision Authority (KNF).

The service meets the obligation imposed on banks by the Financial Supervision Authority (Recommendation No. 22).

The client receives a report which defines the level of conformity with the Recommendation D requirements, identified vulnerabilities, and recommended corrective measures.