The Malta Digital Innovation Authority (MDIA) has issued for consultation a new guidance note aimed at assisting Service Providers and Innovative Technology Arrangements seeking recognition by the MDIA.
This new guidance note sets out the procedure required for a Systems Auditor to apply to be recognised as an Enhanced Systems Auditor and carry out an Enhanced Systems Audit
The aim of the guidance note is to set out the rationale for the need to introduce the notion of Enhanced Systems Audit (“ESA”), which are obligatory for Innovative Technology Arrangements (“ITAs”) that are deemed to be either safety-critical, or operate in a domain for which the relevant competent authority requires additional security.
The consultation considers an ITA to be safety-critical if through its normal behaviour, its failure or irregularity in its functionality, and operations, poses either:
- a direct health or safety risk for people; or
- an indirect one by having an adverse effect on a critical infrastructure.
The document classifies which ITAs shall require an ESA, the entities which can perform such an audit, as well as outlining the additional requirements on the Applicant and the Systems Auditor when applying for certification of such ITAs with the MDIA.