Material and financial performance of contracts
Based on a submission, the SAO SR also included an audit of the Nuclear Regulatory Authority of the Slovak Republic (NRA) in its audit activities plan. The SAO SR examined how the NRA ensures the protection of administrative and agenda information systems not directly related to the safety of nuclear facilities. The audit examined contracts with two suppliers that provide services to the Office related to the operation of these IT systems.
The SAO SR found that the audited contracts set no security requirements for the services, no conditions for remote access to these information systems, and no arrangements for checking compliance with security requirements. This was related to the fact that the NRA had not defined a security policy, nor its objectives and obligations for managing the information security of public administration.
It also had no internal regulation in force setting out the basic rules for ensuring information security and for setting requirements for suppliers of services and goods in the field of ICT. During the audited period, control and audit activities were not performed smoothly due to frequent personnel changes. No control mechanism has been established for information security management or for providing and carrying out internal control or audit of information security. The results of the audit indicate room for improvement in the effectiveness and efficiency of internal control. The SAO SR proposed several recommendations to eliminate the identified shortcomings.
The full text of the press release about this topic in Slovak language is available here.