General Regulations and Standards

Although cyber protection is the responsibility of each individual company, from the perspective of the economy as a whole its continued functioning must be ensured even in the event of a sudden incident. A well-targeted attack can disable a company for months and cause tens of millions of crowns in damage.

As cyber incidents can fundamentally threaten key infrastructure, the European Union, and consequently the National Authority for Cyber and Information Security (NCIS), legislates on the issue of cyber security.


At a time of growing digital dependence and increasing cyber threats, the European Union revised the Network and Information Security Directive, giving rise to the NIS2 Directive.

This Directive, which will become part of national legislation across the European Union by October 2024 at the latest, brings new rules and requirements for companies and organisations.

What is NIS2?

The NIS2 Directive was created as the European Union's response to the deepening digitalisation of society and the associated growing cyber threats in the European space. It builds on the existing Network and Information Security (NIS) framework, which was adopted in 2016.

NIS2 significantly expands the scope of the current legislation and presents a new solution to strengthen and secure European cyberspace.

The Czech Republic has a distinct advantage over some Member States, as it has already implemented a well-developed Cyber Security Act (CSA).

What is ZKB?

The purpose of the Act on Cyber Security (ZKB) No. 181/2014 Coll. is mainly to increase the security of cyberspace and to support the state's efforts to protect that part of the infrastructure whose disruption would lead to damage to, or a threat to, the interests of the Czech Republic.

The changes introduced by the NIS2 Directive are substantial and will affect companies that have not been subject to the existing regulations. The NCIS has therefore taken on this task by preparing a completely new Act on Cyber Security and its implementing decrees, which should be approved in 2024.

Information is essential for the proper functioning of an organisation, and its efficient and, above all, secure processing is an important topic today. Information must be adequately protected, especially against unauthorised access, leakage, destruction or loss. This is the purpose of an Information Security Management System (ISMS), which helps to manage information throughout its life cycle.

What is ISO 27001, ISMS?

ISO/IEC 27001 is an internationally applicable standard, or framework, for information security management systems (ISMS). It is based on the three basic principles of confidentiality, availability and integrity. In particular, the ISMS defines the requirements for managing information security across employees, processes, IT systems and company strategy. The adoption of an ISMS should be one of the fundamental strategic decisions of an organisation.

Why do you need an ISMS?

ISO 27001 certification is an essential pillar for protecting your assets. Holding an ISMS certificate according to the standard assures your customers that you have secured not only your own data but also client data, and that you proactively manage and handle confidential data. By implementing an ISMS, an organisation can identify potential risks and threats of information leakage and loss, and thereby minimise them.

BDO's approach

We offer our clients a complete process for implementing an information security management system in their organisation, including preparation for a certification audit. Implement an ISMS in your organisation with BDO in the following 5 steps.

  1. First, we will conduct an initial information review, in which the necessary ISMS documentation is reviewed and we help you modify or improve it where necessary.

  2. We will define the scope of the ISMS, including the assigned responsibilities for the information security management system, and help you modify or create security policies.

  3. We will review your asset inventory and asset management system. If your organisation does not manage assets, we will suggest an appropriate methodology and help with its implementation.

  4. We will provide consulting services and support in risk identification, and help you design or implement an appropriate methodology for assessing and managing those risks within the ISMS.

  5. We will help your organization prepare for a certification audit to obtain ISO/IEC 27001 certification.
