Security audits

In the course of our cooperation with numerous companies in the field of personal databases, we have identified recurring problems that companies have in meeting the restrictive GIODO requirements mandated under the Personal Data Protection Act.

Taking a proactive approach to our clients’ needs, we have developed solutions, procedures and proven paths that enable us to quickly prepare individual, flexible plans for documenting information security management systems that meet legal requirements.

We conduct registration of personal databases with GIODO, which starts with an analysis of the datasets processed, then continues through preparation of documentation for the information security management system (privacy policy and instructions on managing the IT system together with the relevant annexes, authorizations and control lists), and ends with registration of the database.

Our clients can order audits of their existing procedures, during which we primarily check personal data acquisition processes, data processing during marketing activities and entrusting of data. Also important for us are aspects relating to the storage of personal data and estimating the risk of criminal liability incurred by persons participating in the processing of personal data.

Every audit results in a thorough report spelling out the actions that should be taken and the scope of improvements or changes that should be made to the company’s procedures.

A natural consequence of an audit could be training employees in database processing, including:

  • the duties imposed on the Personal Data Administrator,
  • the role of the Information Security Administrator,
  • safe entrusting of personal data,
  • documentation requirements,
  • rules for destroying and deleting personal data.

We always begin our services with a no-obligation assessment of the company’s needs, on the basis of which you may decide whether to order the service or not.