The Hungarian Parliament on 15 April 2013 adopted the information security law that is applicable in the case of central and local governmental authorities. The law obliges the central and local governmental authorities to develop their IT system’s security level.
The main obligations in the first phase are the following:

  • nomination of the person who is responsible for the security of the IT system,
  • elaboration of the IT security strategy and IT security policy,
  • classification of the IT system in the proper safety class,
  • classification of the entire organization in the proper safety class.

The complex service portfolio developed by MultiContact Consulting ensures that the central and local governmental authorities will meet all the obligations related to the information security law. Our experts prepare the nomination of the person responsible for the security of the IT system, elaborate both the IT security strategy and the IT security policy. In order to offer high quality services, our working methodology is customized in accordance with the client’s needs.

THE AUDIT METHODOLOGY CONTAINS:

  • the assessment of the current IT security level,
  • gap analysis of the differences between the current situation and the situation obliged by the law, identification of the activities those are necessary to achieve the desired level of IT security (task, deadline, responsible, resource).

The preparatory analysis also included:

  • review and evaluation of the existing IT contract portfolio,
  • development of the SLA type contracts,
  • elaboration of the disaster recovery plan,
  • identification of the IT risks,
  • assessment of the IT support system.

Following the examination of the current status, our experts prepare the nomination of the person who will be responsible for the IT security by elaborating the job description and supporting the selection procedure. In the first phase, we propose the main structure of the IT security strategy and the working methodology. The working methodology is the same in the case elaboration of the IT security strategy and IT security policy. During the auditing process we pay special attention to the quality assurance of the elaborated documentation.


“Never measure the height of a mountain until you have reached the top. Then you will see how low it was.”

Dag Hammarskjold