IT Audit service is dedicated to all companies in order to verify whether confidential pieces of information are properly protected against unauthorised access and whether the used hardware works well and runs legal software copies, as well as whether the hardware is used effectively and in accordance with its intended use. This service also allows to carry out the analysis of support for business functions within a company by individual IT systems.
IT Audit is particularly important for safety reasons – it indicates a degree of resistance of the IT system to the risk of interruption of its operation (e.g. catastrophic server failure, web service failure as a result of DDoS attack) and the risk of exposure of data processed within the system to the loss of one or more of the so called basic attributes of information security, i.e. confidentiality, integrity and availability.
IT Audit constitutes an independent assessment of currently running IT system together with its hardware, system, and network infrastructure, which should be carried out periodically. With this, sufficiently high level of IT and information security within a company is maintained.
In our company, the IT Audit service is provided by teams made up of highly qualified specialists from various IT fields and areas (network, servers, systems, applications, etc.), who work under the guidance of experienced auditors (e.g. certified by the international Information Systems Audit and Control Association – ISACA). All of our specialists have appropriate security clearance at the level of “confidential” or “secret” (according to the Act on the Protection of Confidential Information).
The most important audit assignments performed by our company include:
- analysis and assessment of IT infrastructure security in terms of compliance with safety standards (e.g. PN-ISO/IEC 27001), the so called good practices (e.g. ITIL standards), safety policies applicable in a company as well as specific requirements resulting from external sector-specific regulations (e.g. D recommendation in banking sector) or provisions of the law (including, but not limited to, the Act on Personal Data Protection and Act on Protection of Confidential Information);
- analysis and assessment of existing IT security systems;
- analysis of software legality;
- analysis and assessment of the implementation of recommendations specified in any previous audits, if any.
Please download and use reference materials needed for your project.