According to the NIS Directive one of the key objectives is to introduce appropriate security measures for operators of essential services (OES) as well as for the digital service providers (DSP) in an effort to achieve a baseline, common level of information security within the European Union (EU) network and information systems.

The NIS compliant Cyber security audits offered by SafeByte Consulting is a major enabler to achieve this objective. Starting with 24 of August 2021, SafeByte Consulting is authorized by Romanian authorities to conduct NIS compliant security audits.

One of the primary goals of the audit, is to assess the design and operating effectiveness of the implemented controls on all layers, organizational, procedural and/or technical. An additional key outcome/goal would be the assessment of the implemented controls’ efficiency towards minimizing the identified risk. Finally, the following outcomes, is expected to be achieved during the IS audit lifecycle:

information and evidence about conformity or non-conformity to all the requirements of the legislative context or/and standards;
performance monitoring, measuring, reporting and reviewing against key performance objectives and targets;
auditee management systems and performance regarding the legal compliance;
review of design and operational effectiveness for all organizational and/or technical controls;
management responsibility for auditee policies;
review links between the normative requirements, policy, performance objectives and targets;
review any applicable legal requirements, responsibilities, competence of personnel; and
review operations, procedures, performance data and internal audit findings and conclusions.