The MDIA has recently issued its first round of consultation for 2019, entitled ‘Enhanced Systems Audit/or Guidelines’, which aims to set out the need to introduce the notion of an Enhanced Systems Audit (ESA), obligatory for ITAs that are either deemed to be safety-critical or operate in a domain for which the relevant Lead Authority requires additional security.
The document identifies which ITAs will require an Enhanced Systems Audit, who can perform an audit, and the additional requirements placed on the Applicant and the Systems Auditor when applying for the Certification of such ITAs with the Malta Digital Innovation Authority.
At present, the MDIA has two types of Systems Audits:
New applicants are subject to a Type 1 audit, in which the Systems Auditor examines whether the description of the ITA is accurately presented and whether the controls included in the description are suitably designed to meet the applicable criteria. ITAs which are already active, on the other hand, are periodically subject to a Type 2 audit, which includes an opinion on the operating effectiveness of the controls during the period covered by such audit.
The proposed Enhanced Systems Audit (ESA) for High-Risk ITAs will therefore be the third type of Systems Audit available.
For a service provider to be recognised as an ESA, it must: