General Regulations and Standards

Although cyber protection is the responsibility of each individual company, from the point of view of the economy as a whole it is necessary to ensure that companies keep functioning in the event of a sudden incident. A well-targeted attack can disable a company for months and cause tens of millions of crowns in damage.

As cyber incidents can fundamentally threaten key infrastructure, the EU at the European level, and consequently the National Authority for Cyber and Information Security (NCIS) at the national level, are legislating on cyber security.

The number of cyber-attacks is increasing rapidly every year in all EU Member States. Attacker activity grows with the increasing pace of digital transformation and the continuous development of new advanced technologies. A significant increase in attacks was seen during the Covid-19 pandemic and during the Russian-Ukrainian conflict.

Therefore, in an effort to strengthen the overall level of cybersecurity in all Member States, the European Union has replaced the existing NIS directive with its successor, NIS2.

The changes introduced by NIS2 are substantial and will affect companies that have not been subject to the existing regulations. The NCIS has therefore responded by preparing a completely new law on cyber security together with its implementing decrees.

Before the law, cybersecurity had been addressed only by private entities, without sufficient coordination or legal regulation. Cyber protection was ineffective and fragmented. There were no security standards for important government systems, and a coordinated approach to cybersecurity was needed. For these and many other reasons, the Cybersecurity Act was enacted in the country.

Information is essential for the proper functioning of an organisation, and processing it efficiently and, above all, securely is an important topic today. Information must be adequately protected, especially against unauthorised access, leakage, destruction or loss. That is the purpose of an Information Security Management System (ISMS), which helps to manage information throughout its life cycle.

What is ISO 27001 / ISMS?

ISO/IEC 27001 is an internationally applicable standard, or framework, for information security management systems (ISMS). It is based on the three basic principles of confidentiality, availability and integrity. In particular, the ISMS defines the requirements for managing information security across employees, processes, IT systems and company strategy. Adopting an ISMS should be one of the fundamental strategic decisions of an organisation.

Why do you need an ISMS?

ISO 27001 certification is an essential pillar for protecting your assets. Holding an ISMS certificate according to the standard assures your customers that you have secured not only your own data but also theirs, and that you proactively manage and handle confidential data. By implementing an ISMS, an organization can identify potential risks and threats of information leakage and loss and thereby minimize them.

BDO's approach

We offer our clients a complete process for implementing an information security management system in their organization, including preparation for the certification audit. Implement an ISMS in your organization with BDO in the following five steps.

  1. First, we will conduct an initial information review in which the necessary ISMS documentation is examined, and we will help you modify or improve it where necessary.

  2. We will define the scope of the ISMS, including the responsibilities assigned for the information security management system, and help you modify or create security policies.

  3. We will review your asset inventory and asset management system. If your organization does not manage assets, we will suggest an appropriate methodology and help with implementation.

  4. We will provide consulting services and support in risk identification, and help you design or implement an appropriate methodology for assessing and managing those risks within the ISMS.

  5. We will help your organization prepare for a certification audit to obtain ISO/IEC 27001 certification.