What is a security requirements and standards compliance audit?
An audit of compliance with security requirements and standards is a comprehensive approach to ensuring the protection of business information and assets. Depending on the situation and the client’s decision, the audit may include an assessment of compliance with internal regulations, standards such as ISO 27001, ISO 22301, GDPR, PCI DSS, the National Interoperability Framework (NIF), recommendations of the Polish Financial Supervision Authority (e.g. Recommendation D of the PFSA), legal requirements arising from the National Cybersecurity System Act and the NIS and NIS2 Directives, DORA (the Digital Operational Resilience Act) and other requirements identified by the client.
-
Who is it for?
The security requirements and standards compliance audit is designed for businesses and organisations that want to ensure that their systems, processes and practices comply with applicable security standards and industry requirements.
-
When to audit?
Organisations should consider a compliance audit when they are planning to implement or upgrade IT systems, when they are introducing new business processes, when they are undergoing restructuring, or when they want to ensure that they are up to date with industry standards, legislation and requirements of their customers.
-
What do you gain?
You will obtain a comprehensive assessment of your compliance with security requirements and standards. We will support you in the process of achieving compliance with regulations and requirements and reducing the risk of liability and penalties, as well as in identifying areas for improvement and optimising business processes. You will build trust with your customers, business partners and regulatory bodies by ensuring compliance with nationally and internationally recognised security standards.
Scope of support
The scope of the service is determined individually for each organisation, taking into account its needs, budget and the specific nature of its business.
-
Identification of requirements
Identification of compliance requirements and relevant norms and standards.
-
Assessment of compliance with requirements
Assessment of compliance with requirements and applicable standards, such as ISO 27001, GDPR, and other industry norms and standards.
-
Assessment of internal regulations
Review of internal documents relating to systems, processes and security policies. Analysis of existing security policies and procedures and verification of compliance with industry and regulatory security standards.
-
Assessment of information systems
Verification that IT systems are compliant with applicable security standards and regulations, such as GDPR, ISO 27001, NIS2, DORA and other industry standards.
Implementation process
-
Defining audit objectives and scope
Defining objectives, client expectations and scope of work. This stage determines what exactly will be analysed and evaluated.
-
Developing an audit plan
Developing a detailed plan including an assessment of the client’s compliance with security requirements and standards.
-
Conducting the audit
The audit process, including collecting data, interviewing staff, evaluating documentation, analysing IT systems and verifying compliance with security requirements.
-
Writing the report
Preparing an audit report with detailed findings, identified non-conformities, recommendations and suggestions for corrective action and optimisation.
-
Consultation with the client
Meeting with the client to discuss the findings, present recommendations and jointly analyse potential corrective actions. At this stage, the client may receive further clarification and assistance in planning corrective actions.
Why Grant Thornton?
We support our clients at all stages of building a secure business. We know how to make IT security effective and simple. It is not just our job, it is our passion. And that is why we provide the highest level of service.
-
500+
projects delivered across many sectors and for organisations of all sizes
-
300+
clients satisfied with our information security and cybersecurity support
-
60
people on our team of experts in the fields of IT, security and business continuity