Compliance Audit with NCS and GDPR

Analysis of compliance with GDPR focused on security and personal data protection


According to the National Cybersecurity System Act (NCS), operators of essential services are obliged to conduct a security audit of the information system used to provide essential services at least once every 2 years.

As part of the audit, we offer an analysis of compliance with the NCS Act and identification of gaps in the following areas:

  • risk and incident management
  • maintenance and system configuration management
  • physical and environmental security
  • access management
  • business continuity
  • supplier management.

The audit will also include an analysis of compliance with GDPR regulations, focused on security and personal data protection. We assess whether the organization has appropriate policies, procedures, and security mechanisms, and whether it meets the requirements of GDPR and the Personal Data Protection Act.

Audit steps:

  • planning and preparation
  • documentation analysis and gathering of audit evidence
  • on-site inspections and interviews
  • penetration testing
  • testing of technologies, teams, processes, and procedures for protecting critical infrastructure management systems
  • preparation of audit report.

Benefits of the audit