What is NIST2 and why is it relevant?
NIST2 is the new version of the NIST directive, approved by the European Union to improve cybersecur... (03 October, 2024)
In today's digital era, one of the most important challenges that applications face is the v... (19 September, 2024)
The homologation of the electronic private medical prescription in Spain, regulated by the Organización Médi... (17 September, 2024)
As CISA Auditor (Certified Information System Auditor) by ISACA, I have been the first auditor in Spain to present to the WTO (collegiate medical organization) the first certification audit of the electronic private medical prescription system.
In a first phase we verify, in general terms and always following the WTO criteria, that the software meets a series of established requirements. In a second phase, the final audit is carried out, taking evidence of all the control points and requirements that this certification marks.
The audit has a series of steps: study the approval requirements, analyze the system subject to certification, demonstrate compliance with the control points (security, privacy, documentary, etc.), and address other issues such as the business continuity plan, operations, the disaster recovery plan (DRP), the internal and external communication plan for incidents or crises, and the incident response and contingency plan for the information system.
I carry out audits that allow certifying computer solutions for document scanning (invoices, tickets, delivery notes, etc.), with different success stories. The elimination of paper as a result of certified digitization is regulated by article 7 of Order EHA/962/2007, which specifies the standards, processes and steps that an organization or natural person must follow to eliminate paper after certified digitization.
As a differential point, I work on this type of audit as a turnkey project, where I am generally hired for consulting and prior advice to comply with the regulations, pre-audit, audit and complete documentation (4 documents). In this way my clients only have to focus on adapting their solution to the nonconformities that the audit detects. Currently, in direct line with the Tax Agency, I have a checklist that ensures success and certification in a matter of a few weeks (depending on the project).
The collaboration usually has the following phases: Training of the client technical team and detection of nonconformities, advice, pre-audit, audit and documentation.
As CISA Auditor (Certified Information System Auditor) by ISACA, I carry out audits of the National Security Scheme (ENS). Remember that the ENS is applicable to State Administrations, Autonomous Communities and Entities of the Local Administration; to public law entities dependent on the above; to citizens in their relations with Public Administrations; to relations between different public administrations; and to private sector operators that provide services or solutions to public entities.
The ENS aims to establish the security policy for the use of electronic means; its main elements are the following:
The basic principles to consider in security decisions.
The minimum requirements that allow adequate protection of information.
The mechanism to achieve compliance with the basic principles and minimum requirements by adopting security measures proportionate to the nature of the information and services to be protected.
Electronic communications.
The security audit.
The response to security incidents.
Safety certification.
Compliance.
For ISO 27001 there are three dimensions of security, which are:
Confidentiality, which preserves the information so that it is only accessible or known by those who have authorization to do so.
Integrity, which preserves the information so that it is only altered by those who have authorization to do so. An extreme case is the suppression of information.
Availability, which guarantees that the information is accessible during the agreed period, normally through a service level agreement (SLA/ANS). It is usually a dimension associated with the services that process the information.
The National Security Scheme adds two additional dimensions to these three:
Authenticity, which guarantees that whoever carries out a procedure is really who they say they are or, from the point of view of the information, guarantees that it is authentic.
Traceability, which ensures that all the procedures carried out are recorded, indicating who did them and at what precise moment or, from the point of view of the information, making it possible to verify afterwards who has accessed or modified it, and when.
As a digital transformation consultant I have worked for multinationals and SMEs in aligning their digital environment with their company's strategy. In this collaboration, the first step is to understand the business, its past and its short- and medium-term plans, through meetings with the business managers of each area, to understand both the current and future strategy and its fit with the computer tools the company has, detecting and delving into the potential improvement points of its digital environment.
I analyze the information technologies that support the business through meetings with suppliers, detect gaps and unmet needs, and finally propose projects that resolve this situation, typically over a three-year horizon, prioritized together with management and with approximate estimates of their costs. I have led the digital transformation of national and multinational companies in sectors as diverse as logistics, pharmaceutical laboratories, manufacturing, distribution, law firms, ...
I am Luis Vilanova, Computer Engineer, CISA Auditor from ISACA, Master in Artificial Intelligence, Machine and Deep Learning, as well as chatbot and cognitive systems; Master in Cybersecurity by Deloitte; electronic private medical prescription auditor; web and app auditor; certified digitalization auditor; Microsoft Dynamics Nav Certified; Odoo ERP Certified; Certified Auditor by ANECA in EURO-INF; Master MBA from the School of Business; PDD and other degrees from IESE; ITIL v3 Certificate; Master in Civil and Commercial Mediation; trained as ISO27001 Auditor by SGS; and other degrees in human resources management, LOPD audit, Ethical Hacking, IT management ...
With more than 20 years of experience, I work for all kinds of companies and organizations, as well as law firms, startups, etc., as auditor and consultant. I especially dedicate my work to electronic private medical prescription auditing, certified digitization and digital transformation.
As CIO, part-time CIO and technology advisor, I have led the alignment of information technologies with the company strategy of different organizations with heterogeneous sectors, sizes and cultures. The advantage of speaking the technical language but also the language of business, senior management and core business departments has allowed me to increase productivity in the IT area, improve perceived quality, provide useful and future-proof solutions to the company and, above all, design and execute IT plans that have aligned ICT with the company's strategy.
I have founded reference portals today such as www.peritaje.ai www.leyesytecnologia.com www.cexia.es www.tasacioninformatica.com.
I am also a Digital Transformation blogger at Kyocera Solutions, a computer audit trainer at www.eoi.es, a digital consultant at www.red.es, among others.
I have been called upon to carry out an analysis and write a report, presented to the government, on accelerating the use of telemedicine, in collaboration with an important business school.
I am collaborating with an important business intelligence consultancy in advising on and creating an artificial intelligence area.
Audits for 3 companies: 2 multinationals and 1 startup