Comprehensive compliance audit with the National Cybersecurity System Act

We have completed another project in the field of cybersecurity – this time we carried out an audit of compliance with the requirements of the National Cybersecurity System (KSC) Act at the ZZOZ Wadowice healthcare facility.

A KSC audit is an independent and formal assessment of an organization’s compliance with legal requirements in the area of cybersecurity. The purpose of the audit is to verify whether operators of essential services (e.g., healthcare entities) have implemented appropriate technical and organizational safeguards that ensure continuity of operations and data security.

Scope and process of work

The audit covered a wide range of activities, including:

• analysis of data processing processes and security measures applied,
• inventory of infrastructure and software resources,
• identification and classification of information,
• system vulnerability scanning and analysis,
• analysis of physical and environmental security,
• assessment of risk, incident and vulnerability management procedures,
• review of cybersecurity-related documentation.

The project was carried out through on-site visits and remote analyses, in close cooperation with the facility’s staff.

Results and recommendations

During the audit, we identified non-compliances and recommended corrective actions that will enable ZZOZ Wadowice to increase its resilience to threats. Thanks to this, the hospital received a reliable diagnosis of its security status and practical recommendations for further actions in the field of cybersecurity.

Pentacomp’s expertise in IT security

Our IT service package includes audits and security tests, which allow us to accurately assess the degree to which an organization’s IT ecosystem is exposed to unwanted intrusions and activities.

Our portfolio includes, among others:

– application security tests,

– social engineering tests,

– IT environment security assessments,

– source code audits,

– compliance audits with KRI, ISO 27001, KSC, GDPR.

We also provide continuous IT network monitoring, which serves as a protective shield for the most valuable organizational data and information.