The team of BDO in Ukraine delivered an information security audit project for a subsidiary of a global online retailer operating in the Spanish market.
The objective of the project was to assess the compliance of the security system with the requirements of Spain’s National Security Framework (Esquema Nacional de Seguridad, ENS) and to determine the extent to which the existing information security management processes comply with applicable regulatory standards.
Companies operating in the e‑commerce sector process large volumes of user data, financial information, and transactions. For this reason, the implementation of effective mechanisms to protect information systems is critical for such organizations.
In the context of this project, the client was required to undergo a planned compliance assessment of its security systems against the requirements of ENS — Spain’s National Security Framework (Esquema Nacional de Seguridad), which establishes standards for the protection of information systems.
Meeting this requirement involves not only a formal review of documentation but also a comprehensive analysis of actual security management processes, technical configurations, and implemented controls.
Prior to the commencement of the audit, the client faced several key challenges:
BDO’s approach to security system audits
To deliver this project, the team of BDO in Ukraine applied a structured, phased approach to assessing the compliance of the client’s security system.
- Collection of security system information
At the first stage, BDO professionals gathered baseline information on the existing information security management system. The analysis performed enabled the team to obtain a realistic view of how the security system operates and to identify areas requiring further review.
- Assessment of compliance with ENS requirements
At the second stage, BDO experts performed a detailed analysis of the collected information and benchmarked the client’s actual practices against the requirements of Spain’s National Security Framework. A tailored analytical approach enabled the identification of key risks and potential areas for improvement.
- Development of recommendations
The final stage of the project involved the development of recommendations to address the identified non‑compliance issues. BDO experts prepared a structured set of measures, which became the basis for the further enhancement of the client’s security system.
Audit results and client outcomes
The security system audit provided the client with a comprehensive understanding of the current state of its security framework.
As a result of the project, the company obtained:
- Identified gaps
A structured list of security weaknesses and gaps identified against ENS requirements. - Practical recommendations for improvement
Clear and actionable recommendations to address non‑compliance and strengthen cybersecurity. - Foundation for further development of the security system
Audit results provided a basis for the continued improvement of the information security management system.
BDO in Ukraine supports organizations with information security audits, providing relevant services and assessing compliance with international and national standards.
Our experts help organizations to:
- assess the compliance of security systems with regulatory requirements
- conduct cybersecurity and IT controls audits
- identify risks within digital infrastructure
- develop practical recommendations to enhance the level of cyber protection
Please contact us for more information.
