How to prepare for your IT security
The purpose of an IT security audit is to provide assurance that the firm is operating in compliance with its own stated policies, and that these policies meet the requirements of the specific regulatory framework (the FCA in the UK and the CBI in Ireland). An IT security audit can help to bridge any gaps between a firm’s compliance obligations and its IT and security controls.
The European Banking Authority (EBA) Guidelines are used by national regulators in the EU and UK. They require firms to undertake an annual risk assessment and report the findings and actions to the regulator. The guidelines also require a periodic independent audit of ICT controls, annual testing of ‘critical’ systems, and testing of ‘non-critical’ systems every 3 years.