IT Specialised Assurance services

IT Risk advisory

Leading organizations understand that risk management is a source of competitive advantage. By managing risks more effectively these organizations unleash their full potential, creating and protecting value for all of their stakeholders. We assist organisations in understanding risks associated with IT and emerging technologies and gaining assurance on controls pertaining to internal, regulatory and extended enterprise requirements. Our team possesses a wide range of skillsets around IT infrastructure, ERP’s, custom developed applications, service organisation controls and evolving digital technologies along with industry and sector specific capabilities.

At Deloitte Hungary we offer a wide range of IT risk advisory services, including IT Assurance, GRC (Governance, Risk and Compliance), Data Risk and Software Asset Management.

• We are able to support your organization to meet requirements including: ISAE 3402, SOC2, ISO27001, ISO 27701, ISO22301, TISAX, PCI DSS, PSD2, GDPR, etc.
  
• Our professionals accredited in the following technical certifications: CISA, CISM, CRISC, CISSP, ISO 27001, AWS and more
  

Offerings

IT Assurance

Our IT Assurance services provide attestation (or advisory) on IT procedures and controls, thus we help Clients to demonstrate their sound internal IT controls. Forms and aim of assurance (or advisory) can vary on a wide range, our experts are ready to help selecting the right one, meeting your needs.

• Service Organization Controls (SOC) 1 reporting (based on ISAE 3402 standard)
• Service Organization Controls (SOC) 2 reporting  (based on Trust service criteria)
• ISO 27001 Information Security Management System (including ISO 27701Privacy Information Management System)
• ISO 22301 Business Continuity Management System
• ISO25010 Systems and Software Engineering, Systems and Software Quality Requirements and Evaluation
• Trusted Information Security Assessment Exchange (TISAX)
  

Governance, risk and compliance

Our Governance, Risk and Compliance (GRC) services advises Clients to enhance their IT governance, ensure regulatory or vendor compliance, and manage various IT risks in an efficient manner.

• IT governance and IT policy advisory
• Financial sector regulatory compliance or vendor control framework reviews:
  • remote client identification review (based on 26/2020. HNB regulation)
  • system integrity review (based on 42/2015. gov decree)
  • electronic signature review (based on HNB 2019. May 9th letter and eIDAS 26 and 36)
  • PSD2 review (based on (EU) 2018/389 regulation)
  • SWIFT system review (based on SWIFT Customer Security Controls Framework)
  • PCI DSS review (based on PCI DSS Control Framework)
• IT risk assessment
• Artificial Intelligence risk advisory
• Identity and Access Management advisory
• Segregation of Duties design and mitigation
• GRC solution advisory and implementation  (SAP GRC, Servicenow, RSA Archer)

Data Risk

Deloitte’s Data Risk services advises clients in the growth and deployment of digital capabilities to protect and govern data, generate business insights, and enhance decision-making.

• Data governance and management advisory
• Business Intelligence advisory
• Migration controls and risks
• Data privacy controls, risk and solutions
• Data deletion solution design and implementation
• Data Leakage Prevention (DLP) solutions
• Log analysis and monitoring (SIEM) solutions

Software Asset Management

Our Software Asset Management (SAM) services are optimizing software costs and limiting compliance, operational, financial risk related to the ownership and use of software, through point-in-time solutions and ongoing managed service solutions.

• Vendor license audit support
• License optimization
• Used software purchase/sell
• License contract negotiation
• SAM maturity assessment and strategy creation
• SAM tool selection and implementation (SNOW)
• SAM trainings
• SAM managed services