Open Audit is a specialistic small business that practically and professionally supports the processes of planning, implementing and monitoring security mechanisms for the recipients of our services. The offer of projects implemented by us is closely related to threats related to security in business processes, data security or security of IT systems (ICT security). Our mission is to implement custom-made security for our customers.
We do not limit ourselves to the subject of security in IT processes. We support our clients in the implementation of legal requirements, both at the national (PL) and international (EU) level. We conduct audits of Information Security Management Systems. Our projects which are carried out in accordance with the PRINCE2 methodology. We adapt to existing customer design structures or build such structures for clients taking into account the participation of Open Audit in this process. Most often, we act as Project Manager (PM) or Team Leader (TL) acting for the Main Supplier (MS) in the project. We can adapt to the methodology preferred by our clients. For small projects, we choose the methodology so that it does not build barriers, but supports us and our clients in the optimal path of creating the intended product.
Our competences are focused on …
.. area of required legal compliance (area of European Union)
- Support in all aspects of meeting the requirements of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)
- Support in the implementation of the Polish regulation of the Council of Ministers of 12 April 2012 on the National Interoperability Framework, minimum requirements for public registers and exchange of information in electronic form and minimum requirements for ICT systems
- Support in ensuring compliance with the Polish Act of 10 May 2018 on the protection of personal data
… area of managing safety processes in the context of …
- The organizing (planning) and conducting system audits in terms of compliance with the ISO / IEC 27000 group standards (in particular ISO / IEC 27001, standards such as COBIT or TOGAF using (if necessary) the CISA methodology.
- Conducting audits of management systems for compliance with applicable legal regulations (national and European);
- Creating Information Security Management Systems (ISMS)
- Analysis and designing of security management processes in a service model based on:
- ISO / IEC 20000-1 and ISO / IEC 20000-2;
- Information Technology Infrastructure Library (ITIL).
- Collaboration with CSIRT / CERT teams on behalf of our clients
- Analyzes of security incidents
… the area of technical security …
- Conducting audits of IT systems security in terms of detecting vulnerability to the attacks;
- Conducting deep penetration testing;
- Conducting network analysis after intrusion into IT systems;
- Designing and implementing of security controls for networks, operating systems and applications systems (i. e. based on WEB technologies);
- Optimiztion operating systems in security areas.
… analytical area in the field …
- Analysing, designing and documenting business processes using BPMN notation.
- Consulting activities in the areas mentioned above, and:
- during the development of the assumptions to the Specification of Essential Terms of the Contract. In this situation, our experts help the organization prepare tender documentation. We do not take part in the proceedings at the time;
- during negotiations with service providers, when there are disputable situations in which it is difficult to reach a compromise.
We work on the basis of short and long-term contracts. Knowledge, experience and high level of personal culture is our trademark. Our mission is to increase the awareness of data owners about all risks of data processing.
Our certificates:
- CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), CompTIA Security +
- ITILv3, PRINCE2
- CISA (Certified Information Systems Auditor), ISO 27001 (leading auditor), ISO 27001 (internal auditor), M_o_R (Management Of Risk)
- Red Hat Certified Engineer (RHCE), CISCO Professionals (CCNA / CCNP / CCIE), Microsoft, Trend Micro, CA Technologies and the others.
We have experience connected with legal regulations, including representatives:
- Cyberspace Representatives for the benefit of the entity commissioner
- Architects and implementers of the requirements of the EU Interoperational Framework
- Data protection officers (DPO)