IT compliance

IT audit and IT compliance services in Kyrgyzstan

IT compliance, otherwise called IT audit, is a set of special audit activities aimed at obtaining an independent assessment of the current state of the information infrastructure, information security, information systems and business processes of the organization.

IT audit is carried out to meet the audit benchmark criteria, which are the company’s internal policies or external requirements. The need to comply with these requirements is determined by industry legislation, as well as corporate or international standards in the field of information security.

Audit evidence obtained during the assessment of infrastructure, systems and processes is compared with reference criteria, on the basis of which qualified conclusions are drawn and an audit report is issued.

Despite the fact that the most discussed in the press hack cases were caused by vulnerabilities in the software itself, most often the perpetrators of hacker attacks are “vulnerabilities” of human behavior. Over 80% of cases of hacking information systems have become successful due to the human factor. The possibility of a person making erroneous decisions in specific situations is due to ignorance, ignoring or abusing established rules for using information technologies, which were created to prevent such cases.

Strict compliance with the information security policies significantly increases the company’s invulnerability in front of the face of actual cyber threats.

Specialists of our company will improve the developed management processes, identify implicit risks and develop effective recommendations for reducing them to an acceptable level.


IT audit types

IT audit for compliance with the requirements of the National Bank of Kyrgyzstan

The benchmark audit criteria is the full range of special requirements of the National Bank of Kyrgyzstan, expressed in the form of active regulatory acts, binding on each bank and other non-bank financial institutions.

IT audit for compliance with special internal and external requirements

Evaluation criteria for conducting this type of audit are often internal corporate requirements for managing IT processes, qualifications of IT and information security staff of departments, and information security developed both independently and as a result of specific operating conditions for critical IT solutions imposed by an external vendor.

IT audit for compliance with the best world practices and international standards

The benchmark criteria are national and international standards, collections of proven practice recommendations and frameworks of international professional associations such as: ISACA (COBIT5), AXELOS (ITIL / ITSM) or BSI (ISO / IEC 20000). As well as the specific requirements of standards in the field of information security: ISO / IEC 2700x, SWIFT, PCI DSS, NIST SP-800, OWASP, SANS / CIS and others.