Blockchain (DLT) System Audits
System Audits are mandatory for Issuers and Service Providers applying for a licence under the Virtual Financial Assets (VFA) Act, and for Innovative Technology Arrangements (ITA) seeking voluntary certification under the Malta Digital Innovation Authority (MDIA) certification process and guidelines, which focus on five key principles:
- Security – The system must be protected and completely secure from unauthorised access (both physical and logical).
- Availability – The system is available for operational use as committed and/or agreed.
- Processing Integrity – The system processing is complete, accurate, timely, and authorised.
- Confidentiality – The system will protect any information or data that is designated as confidential.
- Privacy – The system will collect, use, retain, disclose, or dispose of personal information in full conformity with the commitments in the organisation's privacy notice.
The system audit can be categorised into two different sets:
Type I Systems Audit
Carried out on a certain and specified date and takes an in-depth look at the control design.
Typically carried out when an ITA is in the process of applying to be certified by the Authority, or when deemed necessary by the Authority or other Lead Authority in Malta.
Type II Systems Audit
Carried out over a certain period of time, usually six months. The focus of this Type is to ascertain the operational effectiveness of the controls that are in place.
Carried out periodically during the operational lifetime of an ITA, or on the request of the Authority or other Lead Authority in Malta (e.g. MFSA).
As a licensed Systems Auditor, BDO can provide the following services to businesses requiring a mandatory Systems Audit under the VFA Act, and to businesses voluntarily registering their ITA with the MDIA:
BDO Technology Advisory Limited is licensed by the MDIA to conduct both Type I and Type II Systems Audits.
BDO Malta can assess the state of an entity’s SOC 2 readiness by evaluating the kind of ITA that is being offered, the specific Control Objectives that are applicable, and any controls that are relevant to the delivery of the service. Additionally, processes, privacy, information security, procedures, system configuration, and organisational structure are examined and evaluated in detail, prior to a System Audit being conducted.
BDO is licensed to operate as a Systems Auditor by the Malta Digital Innovation Authority (MDIA).
*BDO Technology Advisory Limited is licensed by the MDIA to act as a System Auditor for VFA Issuers, VFA Service Providers and ITAs seeking voluntary certification.