COMPLIANCE AUDITS

IT security is not only about penetration testing. Our highly trained cybersecurity engineers also carry out thorough compliance audits and the resulting implementations for you.

AUDITS & IMPLEMENTATIONS

INFORMATION SECURITY MANAGEMENT SYSTEMS ACC. TO ISO/IEC 27001

Currently, the best solution for ensuring information integrity, confidentiality and availability is an Information Security Management System (ISMS) consistent with the ISO/IEC 27001 standard.

At a client's request, STM Cyber performs an assessment of the level of preparedness for the implementation of ISMS in accordance with ISO/IEC 27001:2013 standard, including a periodic verification of the existing information security management system in terms of its compliance with the requirements of the ISO/IEC 27001:2013 standard.

The client receives a report which defines the level of ISMS conformity with the requirements, the identified vulnerabilities and recommended corrective measures.

As part of ISMS implementation, our specialized team is ready to support your organization with:

  • A set of documents realizing the ISO/IEC 27001:2013 standard requirements

  • Personnel training

  • Support in implementation activities (internal audits, management reviews).

AUDIT OF NATIONAL INTEROPERABILITY FRAMEWORKS

This service is addressed to entities performing public tasks and consists in verifying the implementation and assessing the compliance of the information security management systems (ISMS) with the requirements of the Council of Ministers for the National Interoperability Frameworks.

The obligation to perform periodic audits follows from section 20, item 2, pt. 14 of the Council of Ministers' Ordinance of April 12, 2012 on the National Interoperability Frameworks (Journal of Laws 2016, item 113).

The client receives a report which defines the level of ISMS conformity with the requirements, the identified vulnerabilities and recommended corrective measures.

The accompanying implementation service consists in developing a set of rules and procedures that together form an Information Security Policy in the scope required by the Ordinance of the Council of Ministers of April 12, 2012 on the National Interoperability Frameworks (Journal of Laws 2016, item 113).

The client receives a set of documents fulfilling the requirements defined in section 20 of the ordinance.

GDPR AUDIT OF COMPLIANCE AND ADJUSTING TO THE REQUIREMENTS

The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679 of the European Parliament and of the Council) came into effect on May 25, 2018 in all member states of the European Union.

It lays down rules relating to the protection of natural persons with regard to the processing of personal data and the free movement of personal data. The regulation defines the rights of consumers and the obligations of service providers with regard to processing personal data, as well as how such data shall be handled.

A GDPR audit aims to verify the compliance of processes, systems and documentation with the Regulation. Audit findings are presented in a detailed report containing information on the degree of compliance with the requirements set forth in the Regulation.

AUDIT IN COMPLIANCE WITH THE ACT ON THE NATIONAL CYBERSECURITY SYSTEM

A compliance audit and adjustment to the requirements (implementation) of the National Cybersecurity System under the Act on the National Cybersecurity System (ANCS) passed on July 5, 2018 (Journal of Laws 2018, item 1560).

The ANCS regulates the legal aspects needed to implement the EU's so-called NIS Directive and to create a national IT security system.

The system covers operators of key services in, among others, the energy, transport and healthcare sectors.

Key service operators must comply with a number of requirements and perform the tasks arising from the legal acts related to the ANCS.

STM Cyber, drawing on years of professional experience, provides comprehensive support in preparing your organization to implement the NIS Directive and meet the requirements of the Act on the National Cybersecurity System.

AUDIT OF COMPLIANCE WITH RECOMMENDATION D

This service is dedicated especially to cooperative banks and verifies their compliance, in terms of managing IT areas and ICT security, with the requirements laid down in Recommendation D of the Polish Financial Supervision Authority (KNF).

The service meets the obligation imposed on banks by the Financial Supervision Authority (Recommendation no. 22).

The client receives a report which defines the level of conformity with the Recommendation D requirements, identified vulnerabilities and recommended corrective measures.