We offer assistance and advisory in making information security and IT infrastructure protection processes compliant with legal requirements.
Protection of Personal Data
Every organization processing the personal data is obliged to fulfill legal requirements, in particular stated in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Our audits aim to assess the level of compliance and point all the areas which can be treated as not fulfilling the requirements. During corrective action we help remove identified inconsistencies. We offer risk analysis to identify and list the controls ensuring, that the personal data is protected according to professional standards and adequate to the level of the risk of infringement of the law or freedoms of data subjects. We also support the organizations in conducting data protection impact assessments, defining and implementing the required processes and delivering the awareness trainings.
Certification Authorities
We conduct analyses of certification authorities in terms of their compliance with the requirements defined in legal regulations and industry standards. We support our customers in implementing solutions in order to fulfill requirements stated in eIDAS and M460 mandate. We analyse the processses related to certification services, PKI management and the technical countermeasures. As a result of the project the complete optimization concept is delivered, including the certification policy, certification practice statement and other required documentation.