Audit- the key to maintaining security in the organization

Members of the Audit Team may show:

• Certificate of the Lead Auditor of the Information Security Management System
• Certificate of the Lead Auditor of the Business Continuity Management System

A systematic, independent and documented process for obtaining objective evidence and objectively evaluating it to determine the extent to which audit criteria are met.

• Purpose - OpenBIZ Ltd. audit team examines the compliance of the management system or its elements with the audit criteria.
• Scope - the area and boundaries of the audit. The scope of the audit is usually determined by the Auditee.
• Criteria - a set of requirements to which the Audit Team compares objective evidence. The audit criteria are determined by the Auditee nevertheless the set of requirements may be adjusted by the Audit Team Chairman to ensure the reliability of audit evidence acquisition and objective evaluation.

• Internal audit (first-party audit) - according to the name, it is usually performed by the organization's employees, however, due to the obligations associated with maintaining an internal audit group, the organization may contract the audit as a service. As OpenBIZ Ltd. we provide such a service.
• Audit of an external stakeholder (second party audit) - a type of audit that can be commissioned to OpenBIZ Ltd. by an organization authorized to gain knowledge about its supplier, customer, partner.
• Audit for legal, regulatory or similar purposes (third-party audit) - this is a type of audit that is required to be performed by the provisions of the internal or external legal system.
• OpenBIZ Ltd. does not perform audits for certification and/or accreditation purposes

• DORA
• SWIFT
• NIS2
• RODO/GDPR
• KSC Law
• Information Security Management System
• Security of Cloud Processing
• Security of Cloud Processing of Personal Data
• Risk Management System
• Business Continuity Management System

Comprehensive Audit:

Includes all resources, within the scope specified by the Auditee. Audit evidence is obtained through measurement, observation, analysis of document resource, interviews. Measurements are carried out by the Competence Center using Tenable® tools. If the audit is a requirement of the legal or normative system and is a check of the actual state with the required state, then it is considered an audit and, according to the provisions of the Law of March 6, 2018. Business Law, it must be entered in the audit book and the Audit Report must be presented at follow-up audits.

• It is not an audit and it is not an inspection. A security inventory is an internal check of IT/OT infrastructure elements, document assets, and personnel preparedness for tasks.
• No normative and/or legal requirements are placed on the safety inventory.
• It is performed according to the audit procedure in both technical and process areas.
• It does not have to be entered in the audit book.
• The Safety Inventory report is treated as a "working" document and does not have to be presented during the follow-up audit.

• In the establishment and implementation of the Information Security Management System SZBI/ISMS together with the Risk Management System
• In the establishment and implementation of the Business Continuity Management System SZCD/BCMS
• When establishing and implementing a Management System for meeting DORA requirements
• When establishing and implementing a Management System for meeting the requirements of NIS2