Under Act No. 69/2018 Coll. on Cybersecurity of 30 January 2018, a cybersecurity audit verifies the fulfillment of obligations under the law and assesses the compliance of the adopted security measures with requirements under related special regulations relating to the security of networks and information systems of an operator of a basic service for individual networks and information systems of the basic service and for supporting essential services to ensure the required level of cybersecurity and prevent cybersecurity incidents. Audits are undertaken to identify deficiencies in cybersecurity provision by the operator of the basic service so that measures can be taken to eliminate and correct them and prevent cybersecurity incidents.
Cybersecurity audits must be performed by an auditor certified by an accredited certification body.
Audits must be undertaken every two years and in the event of any significant change, no later than two months after the change has a significant impact on the implemented security measures.