Martin Hořický
Cybersecurity had been addressed only through private entities, without sufficient coordination or legal regulation. Cyber protection was ineffective and fragmented. There were no security standards for important government systems, and a coordinated approach to cybersecurity was needed. For these and many other reasons, the Cybersecurity Act was enacted in the country.
What is the Cybersecurity Act?
The purpose of the Act on Cyber Security No. 181/2014 Coll. is mainly to increase the security of cyberspace and the state's efforts to protect that part of the infrastructure whose disruption would lead to damage or threat to the interests of the Czech Republic. Currently, in view of the forthcoming EU NIS2 Directive, an amendment to the Cybersecurity Act is being prepared.
Why do you need the Cybersecurity Act?
The obligations arising from the BCL affect a certain range of persons, who must comply with them and are under the control of the NCIB and the NSA. This does not mean that other entities do not need to be protected from the ever-increasing number of security threats. These entities can use the CCB and the Decree as inspiration and a suitable methodology to increase the level of cybersecurity in their organization.
BDO's approach
BDO offers audit services against the requirements of the Cybersecurity Act and is ready to implement the Act in your organization so that it meets those requirements.
Implementing the Cybersecurity Act in your organization with BDO in 4 steps:
The first part of our approach is preparation, during which we will review the existing documentation with you and help you modify and improve it if necessary.
We will perform a GAP analysis to identify any discrepancies between the current state and the requirements of the BDO.
This will result in a project and implementation plan including prioritized actions to be implemented.
Furthermore, we will support the implementation of individual measures, e.g. setting up a risk management process, developing security policies and documentation, or setting up technical measures.