The MDIA publishes guidelines to Systems Auditors

The newly established authority, the Malta Digital Innovation Authority (“MDIA”), which will be responsible for certifying Innovative Technology Arrangements and recognising service providers, such as Systems Auditors and Technical Administrators, has announced that it will be issuing a set of guidance notes aimed at assisting service providers and Technology Arrangements when approaching the MDIA for registration and certification.

These guidelines will be divided into the following four chapters:

Chapter 1 – Systems Auditors Guidelines

Chapter 2 – Innovative Technology Arrangement Guidelines

Chapter 3 – Technical Administrator Guidelines

Chapter 4 – Resident Agent Guidelines

The MDIA has published the first set of guidelines for consultation which are applicable to Systems Auditors providing services in relation to Technology Arrangements. The consultation period will be open until the 2nd October 2018.

Chapter 1 which has been published for consultation would apply to all interested parties who shall seek recognition from the MDIA as Systems Auditor and is divided into two parts:

Part A – Systems Auditor Guidelines

Part B – Systems Audit Report Guidelines

Part A focuses on:

  1. The Scope of the Systems Audit;

  2. The Application process and approval criteria for a Systems Auditor;

  3. The Revocation, cancellations or suspension of a Systems Auditor from the MDIA’s Register or Recognised Service Providers;

  4. The Engagement of the Systems Auditor including independence criteria that must be satisfied; and

  5. The Systems Audit Reports.

Part B provides more details on the Systems Audit Report which shall be issued by the Systems Auditors. These guidelines outline the expected form and structure of such audit reports which shall focus mainly on the following areas:

  1. Security;

  2. Processing Integrity;

  3. Availability;

  4. Confidentiality; and

  5. Protection of Personal Data.

Please feel free to contact us with any queries or comments on the consultation document for Chapter 1 – Systems Auditors Guidelines.