MDIA and MFSA Blockchain System Audits
System Audits are mandatory for Issuers and Service Providers applying for a licence under the Virtual Financial Assets (VFA) Act and for Innovative Technology Arrangements (ITA) seeking a voluntary certification under Malta Digital Innovation Authority (MDIA) certification process and guidelines which focus on five key principles:
- Security – The system must be protected and completely secure from unauthorised access (both physical and logical).
- Availability – The system is available for operational use as committed and/or agreed.
- Processing Integrity – The system processing is complete, accurate, timely, and authorised.
- Confidentiality – The system will protect any information or data that is designated as confidential.
- Privacy – The system will collect, use, retain, disclose, or dispose of personal information in full conformity with the commitments in the organisations privacy notice.
The system audit can be categorised into two different sets:
- Type I Systems Audit
- Carried out on a certain and specified date and takes an in depth look at the control design.
- Typically carried when an ITA is in the process of applying to be certified by the Authority; or when deemed necessary by the Authority, or other Lead Authority in Malta.
- Type II Systems Audit
- Carried out over a certain period of time, usually six months. The focus of this Type is to ascertain the operational effectiveness of the controls that are in place.
- Carried out periodically during the operational lifetime of an ITA; or on the request of the Authority or other Lead Authority in Malta (e.g. MFSA)
As a licenced Systems Auditor, BDO can provide the following services to businesses requiring a mandatory Systems Audit under the VFA Act, and to businesses voluntarily registering their ITA with the MDIA:
- System Audit
- BDO Technology Advisory Limited is licenced by the MDIA to conduct both Type I and Type II Systems Audits
- Readiness assessment
- BDO Malta can assess the state of an entity’s SOC 2 readiness by evaluating the kind of ITA that is being offered, the specific Control Objectives that are applicable, and any controls that are relevant to the delivery of the service. Additionally, processes, privacy, information security, procedures, system configuration, and organisational structure are examined and evaluated in detail, prior to a System Audit being conducted.
BDO is currently the only Firm licenced to operate both as a Systems Auditor and a VFA Agent.
Download BDO Systems Audit Brochure.
Download BDO VFA Agent Advisory Brochure.
Download MDIA Systems Auditor Certificate.
Get in touch:
*BDO Technology Advisory Limited is licensed by the MDIA to act as a System Auditor for VFA Issuers, VFA Service Providers and ITAs seeking voluntary certification.
*BDO Fintech Advisory Limited is licensed by the MFSA to act as a VFA Agent for VFA Issuers and VFA Service Providers.