Where do you need to start?
If you’re a company that falls under the applicable categories, you need to take several courses of action. These include first familiarising yourself with the MFSA ICT Guidance document and trying to identify how this can or may impact your operations. To do this, you should have a firm understanding of the types of data your firm processes, how they are processed, and how and where they are stored.
MFSA ICT Guidance: Gap Analysis
Through a gap analysis of your firm’s current policies and procedures, we will provide you with the know-how to remediate any non-conformities which arise. Our solution allows for a conclusive breakdown of any gaps in procedures or risks which prevent your firm from demonstrating compliance with the MFSA ICT Guidance.
How can we help your company?
Assessing whether you’re in line with the guidelines and ensuring compliance is a time- and resource-consuming task. It is a smart decision to engage a third-party expert to assist, not only to speed up the process and lessen the burden on your staff but also to ensure the utmost accuracy throughout.
BDO Malta can assist your company with the following services:
- Assessment of your firm’s current standing with the guidance document, through a tailor-made Gap Analysis.
- Provision of a clear and concise remediation plan, identifying the actions required to become compliant with the MFSA’s Guidance document.
- Assurance of Information Security within your firm’s Technology Arrangements.
- Identification of risks your firm faces through a Risk Analysis that takes proportionality into account.
- Implementation and compliance with an ICT Governance framework and Strategy.
- Assistance with the implementation of a Third-party Management process, addressing outsourced IT arrangements.
- Design of relevant tailored policies, including Information Security, Business Continuity, Outsourcing, Change Management, Project Management and Incident Response (or assurance of your firm’s current policies).
- Identification and provision of a comprehensive Training and Awareness program covering Information Security & acceptable practices.