Antifraud Law software audit.
We audit the adaptation of the software until its approval.
Penalties of more than 150,000 euros.
AEAT Regulation — draft — already available.
Antifraud Law software audit. We accompany you until the final approval, according to the AEAT, with the guarantee of a specialized team experienced in expert work and software approvals before official bodies.
In our Anti-Fraud Law Software Audit we analyze the processes and use cases affected by the new law, especially billing, accounting…
We analyze the controls applied to the different dimensions, such as traceability, determining their sufficiency.
Degree of compliance
We determine the level of compliance with all the controls that must be applied, including proposals for improvements.
What does our audit include?
Since there is still no formal certification procedure, as ISACA CISA auditors and experts collaborating with the justice system, we propose preparing an audit report that covers the industry best practices aligned with the description of this Law, such as the TICKETBAI regulations (Government of Navarra and Basque Government) or the NF525 standard of France, among others. We propose the following report structure:
- Analysis of architecture, functionality and software processes that affect or apply to this law.
- Verification of each of the selected good-practice points, including some from other internationally accepted standards covering Confidentiality, Availability, Integrity, Traceability and Identity, such as ISO27001, ISO27002 or ISO27017, among others.
- Report of gaps and recommendations, as well as proposal of an action plan for improvement.
- Adherence documents that end customers must acknowledge.
- All of this signed by an ISACA CISA auditor and expert collaborating with the justice system.
- Follow-up and accompaniment until certification in technical controls and requirements.
Anti-fraud law software audit in 5 phases.
As CISA auditors (Certified Information Systems Auditor), our method for the Antifraud Law software audit follows the phases accepted in other information security standards and good practices, running from understanding the case to be audited through to the recommendations for improvement and the action plan, in a series of clearly differentiated phases.
Defining the use cases of the audited software, which generally allow CRUD operations (Create, Read, Update, Delete) on any record or transaction related to invoices, accounting, budgeting, stock movements, etc., is essential to understanding how the computer system operates, which is sometimes closely linked to the sector or sectors where it is used, and to determining the key points that mark the start of the next phase.
Once the use cases likely to be affected by the new anti-fraud law (Article 201 bis, Law 11-2021) have been determined, analyzed and understood, we map the dimensions required by this law (traceability, availability, etc.) to the controls that have been implemented for compliance at the time of the audit.
By assessing the risks with a method based on risk scenarios, we determine the controls that need to be improved or implemented, based on the good practices of the most important security and cybersecurity management standards, taking into account how the business model (on-premise, cloud,…) affects both the manufacturer and the client and their obligations under the law. In this case we present a complete gap analysis.
Specification of the degree of compliance
Based on the results previously obtained, we propose an analysis of the degree of compliance, including an action plan agreed upon with the client that demonstrates to third parties not only active concern for compliance with the law, but also an approach to resolving any gaps that may have been found, including our recommendations.
Finally, our report, signed by a judicial expert, CISA auditor, is delivered to our client offering a series of advantages, shown in the following block.
Have an independent report, signed by an ISACA CISA auditor (Certified Information Systems Auditor) and expert collaborating with the justice system, on the degree of compliance with the New Law.
Offer to third parties
Offer to third parties, clients and others, a report that objectively evaluates the good practices of the industry that apply to this law, the degree of compliance and, if applicable, an action plan for any gaps that may exist.
With this service, the client will be very close to complying with the official certification that will be published shortly, since the good practices for compliance with it are audited and evaluated.
As a marketing and strategic tool, you will be able to inform your clients and third parties of the audit that has been submitted, transmitting to your clients a level of professionalism and concern for the applicable regulations under this law, differentiating yourself from the competition.
Guarantee and experience.
Signature and certifications
- CISA auditor by ISACA.
- ANECA auditor in the EURO-INF program.
- ISO27001 by SGS.
- Computer and telecommunications engineer.
- Master MBA, PDD, Cybersecurity and Cybercrime (Deloitte).
We collaborate with Justice and AEAT.
- AEAT Certified Digitization Auditors.
- Digital advisor at www.red.es.
- Member of the Association of Experts Collaborating with the Justice System of the Communities of Madrid and Valencia.
- Certified judicial computer auditor expert.
Offices in Madrid and Valencia
- Leaders in the Spanish market.
- No-obligation quote.
- We audit, advise and accompany until the final certification.
- Phases and methodology, audit and final report.
- We accompany you throughout the entire process until your software complies.
- Private area with documents of interest, regulations, for your company and clients.