„You can't manage what you don't measure” - Peter Drucker

Audit- the key to maintaining security in the organization

Regular audits are necessary to maintain continuous improvement and safety in the organization

Skontaktuj się


Members of the Audit Team may show:

  • Certificate of the Lead Auditor of the Information Security Management System
  • Certificate of the Lead Auditor of the Business Continuity Management System

Audit (according to EN ISO 19011)

A systematic, independent and documented process for obtaining objective evidence and objectively evaluating it to determine the extent to which audit criteria are met.

Principia of audit

  • Purpose - OpenBIZ Ltd. audit team examines the compliance of the management system or its elements with the audit criteria.
  • Scope - the area and boundaries of the audit. The scope of the audit is usually determined by the Auditee.
  • Criteria - a set of requirements to which the Audit Team compares objective evidence. The audit criteria are determined by the Auditee nevertheless the set of requirements may be adjusted by the Audit Team Chairman to ensure the reliability of audit evidence acquisition and objective evaluation.

Types of audits performed by the Audit Division of OpenBIZ Ltd.

  • Internal audit (first-party audit) - according to the name, it is usually performed by the organization's employees, however, due to the obligations associated with maintaining an internal audit group, the organization may contract the audit as a service. As OpenBIZ Ltd. we provide such a service.
  • Audit of an external stakeholder (second party audit) - a type of audit that can be commissioned to OpenBIZ Ltd. by an organization authorized to gain knowledge about its supplier, customer, partner.
  • Audit for legal, regulatory or similar purposes (third-party audit) - this is a type of audit that is required to be performed by the provisions of the internal or external legal system.
  • OpenBIZ Ltd. does not perform audits for certification and/or accreditation purposes

Examples of normative-legal system elements (audit criteria for the OpenBIZ Ltd. Audit Team).

  • DORA
  • NIS2
  • KSC Law
  • Information Security Management System
  • Security of Cloud Processing
  • Security of Cloud Processing of Personal Data
  • Risk Management System
  • Business Continuity Management System

Rules for performing an IT/OT security audit or business continuity management system audit

Comprehensive Audit:

Includes all resources, within the scope specified by the Auditee. Audit evidence is obtained through measurement, observation, analysis of document resource, interviews. Measurements are carried out by the Competence Center using Tenable® tools. If the audit is a requirement of the legal or normative system and is a check of the actual state with the required state, then it is considered an audit and, according to the provisions of the Law of March 6, 2018. Business Law, it must be entered in the audit book and the Audit Report must be presented at follow-up audits.


Why security Inventory?

  • It is not an audit and it is not an inspection. A security inventory is an internal check of IT/OT infrastructure elements, document assets, and personnel preparedness for tasks.
  • No normative and/or legal requirements are placed on the safety inventory.
  • It is performed according to the audit procedure in both technical and process areas.
  • It does not have to be entered in the audit book.
  • The Safety Inventory report is treated as a "working" document and does not have to be presented during the follow-up audit.


  • In the establishment and implementation of the Information Security Management System SZBI/ISMS together with the Risk Management System
  • In the establishment and implementation of the Business Continuity Management System SZCD/BCMS
  • When establishing and implementing a Management System for meeting DORA requirements
  • When establishing and implementing a Management System for meeting the requirements of NIS2

Are you interested in our product or service?

Please contact us