IT Advisory

Advisory services in development of SDLC methodology and process. Assessment of a design and implementation of in-house software development life cycle, coding and application security standards, a level of documentation support and source code maintenance. 

Business Continuity and Disaster Recovery process implementation and review. Business impact assessments and advisory in evaluation of key business processes. Assessment of the governance process aimed on identification of potential threats to a company, minimizing an impact on the business operations and a framework for building organizational resilience with the capability for an effective recovery of operations. Appraisal of adequacy of backup approach and disaster recovery activities and tests is performed as well.

Advisory services in performing of Cybersecurity assessments including FFIEC approach for financial institutions, audits and penetration testing. 

Assessment and advisory services in process improvement of a database (DB) management processes, DBs security configuration, protective measures, systems performance and availability. Assessment of staff competences, adequacy of the DMBS systems configuration and an appropriate change management process, especially for emergency changes and design and maintenance of access permissions, especially for privileged accounts in production DBs.

Overall assessment of the organization's IT department and its divisions. Analysis of the quality of design and implementation of key IT processes and their monitoring by IT managers. Assessment to include key governance areas:

•  Planning and budgeting of department’s activities.
•  Procurement of IT resources and assets.
•  Staff management.
•  Quality of reporting to the Management of institution.

 Advisory services in establishing all lacking processes.

Implementataion and evaluation of incident management process, including recovery of services / functionality after downtimes, minimization of their impact on the main business and design of preventive measures. Advisory services covering discovery and treatment of problems based on the assessment of incidents.

Implementation of ISMS 27001 based methodology and development of policies. Examination of adequacy, scaled to particular company’s needs, and quality of an Information Security Management System in each and every of its form (physical, technical, organizational security). Advisory and verification of the process approach for information security. Information security Risk Assessment process implementation and review.

Performing of IT audit services along with review of regulatory compliance related to Information security law reporting, GDPR gap assessments and related reporting. 

The IT Audit Department works on identifying and eliminating deficiencies in the organization, functioning and management of information systems, as well as resource optimization.

Our approach in conducting the implementation review is designed to improve security, functionality and efficiency.

We help companies in achieving their goals by focusing on IT processes, people, technology, reporting, organization, data and documentation.

Our services include, but are not limited to:

• Internal and external audit of information systems
• IT Due Diligence
• IT risk management
• Vulnerability assessment of the information system,
• Assistance with compliance with IT regulations.
• Software Asset Management (SAM) and License review
• Reduction of IT costs because they represent a significant part of the total costs of the organization
• Testing disaster recovery procedures

The services we provide in the field of audit of IT projects and information technology systems help clients to achieve the full value of their strategic technology initiatives and increase satisfaction with established IT solutions, through effective risk management. 

More information about service 

 

 

Appraisal of how IT related projects are initiated, planned, executed, monitored and closed. Assessment of portfolio management quality and a detailed review of the implementation of IT projects. Providing of IT project management services and process implementation.

Advisory services in IT risk management are covering IT risk assessments and self assessment process. Insight in how IT related risks are identified, estimated, evaluated and treated both periodically, operationally and during execution of IT projects. Advice on how Risk Event Database maintenance and filling is performed.

Appraisal of key aspects, related to maintenance and support of core business applications that directly process financial transactions. Development and appraisal of key aspects, elated to maintenance and support of business applications that do not directly process financial transactions. Specific attention is paid to:

•  Configuration and performance of applications.
•  Capacity planning and physical infrastructure.
•  Existing security controls, including user access and roles management, logging and monitoring, “4 eyes principle”, etc.
•  Application backups, redundancy solutions and recovery procedures.
•  Integrity of batch processing: appraisal of various interfaces between systems, batch file processing, direct changes via DB interface.

Annual SSPA control services 

View Brochure 

Advisory services aimed at review and improvement of how a company manages its network and identifies, corrects and prevents vulnerabilities in its design. Assessment of staff competences, adequacy of configuration of network systems and a change management process. Advisory services in network security area covering firewalls, IPS/ IDS and other network devices configurations and vulnerability assessments.

Applicable for card issuers and banks. Appraisal of existing protection of cardholder data, security of the network in which data circulates, available access control and monitoring measures and controls. Assessment and assistance in implementation of processes of physical handling of cards, key management and equipment maintenance. Physical and logical protection of ATM and POS terminals. Implementation and review of ATM security methodology.

Assessment and advisory in process of how IT handles and manages requests from users, how the problems are tracked, communicated and resolved at both primary and secondary levels of support. Quality of the support as well as reporting of key problems to the Management.

Annual SWIFT CSP control services 

View Brochure