![Ivan Spiteri Director](/getmedia/a8ae0fe6-e22f-41a4-b5f8-00168467b27c/Ivan-Spiteri-280x280px.png?width=280&height=280&ext=.png)
Ivan Spiteri
System Audits are mandatory for Issuers and Service Providers applying for a licence under the Virtual Financial Assets (VFA) Act, and for Innovative Technology Arrangements (ITA) seeking voluntary certification under the Malta Digital Innovation Authority (MDIA) certification process and guidelines, which focus on five key principles:
The system audit can be categorised into two different sets:
Carried out on a certain, specified date, and takes an in-depth look at the control design.
Typically carried out when an ITA is in the process of applying to be certified by the Authority, or when deemed necessary by the Authority or another Lead Authority in Malta.
Carried out over a certain period of time, usually six months. The focus of this Type is to ascertain the operational effectiveness of the controls that are in place.
Carried out periodically during the operational lifetime of an ITA, or at the request of the Authority or another Lead Authority in Malta (e.g. MFSA).
BDO Malta can assess the state of an entity’s SOC 2 readiness by evaluating the kind of ITA that is being offered, the specific Control Objectives that are applicable, and any controls that are relevant to the delivery of the service. Additionally, processes, privacy, information security, procedures, system configuration, and organisational structure are examined and evaluated in detail, prior to a System Audit being conducted.