{"id":7191,"date":"2026-05-26T13:30:06","date_gmt":"2026-05-26T11:30:06","guid":{"rendered":"https:\/\/logmanager.com\/?post_type=learning_hub&#038;p=7191"},"modified":"2026-05-27T10:52:27","modified_gmt":"2026-05-27T08:52:27","slug":"co-je-it-compliance","status":"publish","type":"learning_hub","link":"https:\/\/logmanager.com\/cs\/learn\/co-je-it-compliance\/","title":{"rendered":"IT compliance: Key regulations and requirements"},"content":{"rendered":"\n<p>Getting IT compliance right is not just about avoiding fines and ticking boxes. It is a system of processes that protects the organization from risk and builds customer trust. This article explains what compliance means in IT, introduces the key regulations and offers practical guidance on putting effective measures in place to meet them.<\/p>\n\n\n\n<p>In 2018 British Airways suffered a massive <a href=\"https:\/\/www.theguardian.com\/business\/2020\/oct\/16\/ba-fined-record-20m-for-customer-data-breach\" target=\"_blank\" rel=\"noopener\">data breach<\/a> in which attackers gained access to the personal and payment card details of more than 400,000 of its customers.<\/p>\n\n\n\n<p>The UK data protection authority (the ICO) later fined the airline 20 million pounds for failing to secure customer data, a breach of the GDPR (General Data Protection Regulation).<\/p>\n\n\n\n<p>The damage went well beyond the financial penalty. 
Customers lost trust, lawsuits followed and the company was subjected to intense scrutiny. The situation might have been avoided had British Airways met the requirements of the General Data Protection Regulation (GDPR), such as stricter access control to applications and encryption.<\/p>\n\n\n\n<p>The case shows that IT compliance is not just about avoiding fines; above all it is about systematically protecting systems, customers and business continuity.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n    <div class=\"infobox-content leading-normal\"><p><strong>TL;DR<\/strong><br \/>\n<strong>IT compliance<\/strong> means adhering to legislation, industry standards and security frameworks in order to protect data, ensure the integrity of systems and avoid legal and financial penalties. The best-known frameworks include GDPR, NIS2, HIPAA, PCI DSS, ISO 27001, SOC 2, GLBA, FISMA and SOX. Each targets different industries and types of data, but all share common requirements such as encryption, access control, audit logs and incident response plans.<\/p>\n<p>Staying compliant is not a one-off exercise. It requires continuous monitoring, regular audits, employee training and keeping track of changes in legislation.<\/p>\n<p>Achieving and maintaining compliance usually takes six steps: a gap analysis, a remediation plan, documented policies, employee training, continuous monitoring and tracking regulatory changes.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What is IT compliance?<\/h2>\n\n\n\n<p>IT compliance means adhering to the laws, security standards and industry regulations that govern the management and protection of data, IT systems and digital processes. 
In other words, it is the set of processes that ensure an organization's IT environment meets the rules imposed on it by laws, standards and contracts.<\/p>\n\n\n\n<p>IT compliance, especially in larger and regulated companies, can cover a broad spectrum of requirements. They can be grouped into the following categories:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Regulatory compliance <\/strong>\u2013 Legislation that protects data privacy and the security of systems, with the aim of strengthening the resilience of key industries, markets or entities. In IT security this includes, for example, the European GDPR and NIS2. Breaching legal requirements usually carries financial and other sanctions.<\/li>\n\n\n\n<li><strong>Industry standards <\/strong>\u2013 Best practices created for specific industries. Their aim is a uniform approach to security, risk management and service quality within the industry. 
Examples are PCI-DSS for entities that process, transmit or store payment card and transaction data, and HIPAA for protecting patient health information in the USA.<\/li>\n\n\n\n<li><strong>Security frameworks <\/strong>\u2013 Internationally recognized standards that give organizations proven methodologies for managing information security. These frameworks are not mandated by legislation, but organizations very often use them as part of their compliance strategy. Examples are the ISO\/IEC 27001 standard, a SOC 2 attestation report and the NIST Cybersecurity Framework.<\/li>\n\n\n\n<li><strong>Operational compliance<\/strong> \u2013 A set of practices and processes whose goal is to keep internal IT systems functional, secure and available. It covers, for example, service availability guarantees, disaster recovery plans and incident response procedures.<\/li>\n\n\n\n<li><strong>Contractual compliance<\/strong> \u2013 Companies frequently commit to security rules and service quality through service level agreements (SLAs), NDAs and contracts with customers or partners. 
Failing to honour these commitments usually has financial and reputational consequences for the organization.<\/li>\n<\/ul>\n\n\n\n<p>Most IT compliance regulations share a core set of security and operational requirements, which typically include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data encryption<\/li>\n\n\n\n<li>Access control<\/li>\n\n\n\n<li>Incident response planning<\/li>\n\n\n\n<li>Regular audits and risk assessments<\/li>\n\n\n\n<li>Security awareness training for employees<\/li>\n\n\n\n<li>Third-party security management<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Benefits and challenges of IT compliance<\/h2>\n\n\n\n<p>IT compliance is much more than ticking boxes to avoid fines. It is an important part of ensuring functioning, transparent IT processes and of protecting against security threats and outages.<\/p>\n\n\n\n<p>IT compliance should be taken seriously above all for the following reasons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It reduces security risk.<\/strong> Companies with weaker security controls are easier targets for cyberattacks. 
Compliance frameworks require companies to maintain basic cyber hygiene such as encryption, access control and threat monitoring, which helps prevent attacks and respond to them in a structured way.<\/li>\n\n\n\n<li><strong>It keeps operations stable.<\/strong> Compliance often includes a plan for unexpected events, disasters and outages. It may require recovery plans, ways of guaranteeing service availability, measures to improve system resilience and so on.<\/li>\n\n\n\n<li><strong>It builds trust with customers and partners.<\/strong> Companies that comply with IT regulations, or voluntarily commit to security frameworks, are less prone to reputational damage. Moreover, customers and partners, particularly in B2B, prefer to work with entities that protect data and follow industry standards.<\/li>\n\n\n\n<li><strong>It strengthens competitive advantage.<\/strong> Many large customers require suppliers to meet compliance standards before signing a contract. Attestations and certifications such as SOC 2 or ISO 27001 can be a decisive factor in winning new business.<\/li>\n<\/ul>\n\n\n\n<p>Meeting IT compliance obligations often means following an intricate system of processes. 
Organizations typically struggle with problems such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Keeping up with regulatory change<\/strong> \u2013 Legislation and compliance standards evolve over time and companies must adapt. In particular, watch for changes in standards that require certifications to be renewed periodically, such as ISO 27001 (a recertification audit every three years, with surveillance audits in between).<\/li>\n\n\n\n<li><strong>Managing several requirements at once<\/strong> \u2013 Many companies must comply with several regulations simultaneously. An international company may, for example, need to meet GDPR, PCI-DSS and ISO 27001 at the same time.<\/li>\n\n\n\n<li><strong>Balancing security and usability<\/strong> \u2013 It is not unusual for strict security rules to put pressure on employees and customers, which can lead to attempts to bypass or ignore them. A poorly working VPN that the company mandates, for example, can frustrate employees enough that they look for ways around it.<\/li>\n\n\n\n<li><strong>The cost of compliance<\/strong> \u2013 Meeting IT compliance standards requires buying security tools, running audits, allocating people to oversee adherence, and legal expertise. 
That can be expensive, especially for growing companies.<\/li>\n\n\n\n<li><strong>Human error and insider threats<\/strong> \u2013 Even with strong security controls, misconfigurations, human error and insufficient training can create compliance gaps.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">7 examples of IT compliance regulations<\/h2>\n\n\n\n<p>Different industries and organizations must follow different regulations to protect sensitive data and ensure the integrity of their systems. The NIS2 directive in Europe, for example, applies only to certain sectors and to companies above a certain size.<\/p>\n\n\n\n<p>Although the details differ, most frameworks focus on securing information, preventing attacks and keeping processes working within the digital environment. 
Let us look at seven key IT compliance standards, regulations and frameworks and their impact on an organization's operations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. ISO\/IEC 27001: The global information security standard<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/iso-27001-compliance-illustration-1024x682.png\" alt=\"ISO 27001 compliance image\" class=\"wp-image-3685\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/iso-27001-compliance-illustration-1024x682.png 1024w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/iso-27001-compliance-illustration-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/iso-27001-compliance-illustration-768x512.png 768w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/iso-27001-compliance-illustration-1536x1023.png 1536w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/iso-27001-compliance-illustration-2048x1364.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-xs-font-size\"><a href=\"https:\/\/www.canva.com\" target=\"_blank\" rel=\"noopener\">source<\/a><\/p>\n\n\n\n<p>For companies operating internationally, <a href=\"https:\/\/www.iso.org\/about\" target=\"_blank\" rel=\"noopener\">ISO 27001<\/a> is a widely recognized compliance framework for managing information security. 
The standard helps companies build an information security management system (ISMS): a set of policies, procedures and strategies for IT security.<\/p>\n\n\n\n<p>Compliance requires defining security roles, controlling access and continuously improving the protection of digital assets.<\/p>\n\n\n\n<p>Key requirements relevant to IT teams:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Leadership commitment:<\/strong> ISO 27001 requires the involvement of top management so that information security is a core part of the organization's strategy.<\/li>\n\n\n\n<li><strong>Risk assessment and treatment:<\/strong> The organization must perform a formal risk assessment and implement security controls proportionate to the level of risk.<\/li>\n\n\n\n<li><strong>Continuous monitoring and improvement:<\/strong> Compliance is not a one-off certification; it requires ongoing audits, security monitoring and updates to security processes.<\/li>\n<\/ul>\n\n\n\n<p>Many organizations pursue ISO 27001 certification to demonstrate that they follow proven security practices, reduce cyber risk and, where relevant, gain a competitive edge when bidding for contracts or partnering with global companies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. NIS2: Strengthening cybersecurity across the European Union<\/h3>\n\n\n\n<p>The NIS2 directive (Network and Information Systems Directive) aims to improve the cyber resilience of EU member states and the internal market. It applies to a range of public and private entities in sectors such as energy, banking, financial market infrastructure, healthcare and digital infrastructure. Member states transpose the directive's requirements into their own national legislation.<\/p>\n\n\n\n<p>NIS2 replaces the original NIS directive and brings new security requirements, a broader scope and stricter supervisory mechanisms. Non-compliance can lead to heavy fines, and members of management bodies can be held personally liable for cybersecurity failings.<\/p>\n\n\n\n<p>Companies subject to NIS2 must meet extended security obligations, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Risk-based security management:<\/strong> Implementing proactive measures tailored to the specific risks of the sector.<\/li>\n\n\n\n<li><strong>Incident reporting requirements:<\/strong> Submitting an early warning of a significant incident within 24 hours, an incident notification with an initial assessment within 72 hours, and a final report within one month.<\/li>\n\n\n\n<li><strong>Supply chain security:<\/strong> Ensuring that third parties meet NIS2 standards.<\/li>\n\n\n\n<li><strong>Continuous monitoring and resilience planning:<\/strong> Deploying systems for threat detection and maintaining service availability.<\/li>\n\n\n\n<li><strong>Management accountability and sanctions:<\/strong> Top management is responsible for compliance, with possible legal consequences for negligence. The management of obligated entities will therefore have to work closely with IT teams so that security strategies match regulatory requirements.<\/li>\n<\/ul>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n    <div class=\"infobox-content leading-normal\"><p>\u2192 For more detail on the directive and on how <a href=\"https:\/\/logmanager.com\/cs\/reseni\/log-management\/\">log management<\/a> and SIEM help achieve compliance with it, see our article on <a href=\"https:\/\/logmanager.com\/cs\/blog\/it-compliance\/role-log-managementu-a-siem-v-novem-zakonu-o-kyberneticke-bezpecnosti\/\">NIS2<\/a>.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">3. GDPR: Protecting personal data and privacy<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"679\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/gdpr-compliance-illustration-1024x679.png\" alt=\"GDPR compliance img\" class=\"wp-image-3681\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/gdpr-compliance-illustration-1024x679.png 1024w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/gdpr-compliance-illustration-300x199.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/gdpr-compliance-illustration-768x510.png 768w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/gdpr-compliance-illustration.png 1248w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-xs-font-size\"><a href=\"https:\/\/www.canva.com\" target=\"_blank\" rel=\"noopener\">source<\/a><\/p>\n\n\n\n<p>The <a href=\"https:\/\/gdpr-info.eu\/\" target=\"_blank\" rel=\"noopener\">General Data Protection Regulation<\/a> (GDPR) is the EU's principal data protection regulation and gives individuals control over their personal data. It applies worldwide to any organization that collects, processes or stores the data of individuals in the EU.<\/p>\n\n\n\n<p>GDPR sets out rules for user consent, the processing of personal data and its security. 
Non-compliance with GDPR can result in substantial financial penalties of up to 20 million euros or 4 % of global annual turnover, whichever is higher.<\/p>\n\n\n\n<p>IT teams play a key role in achieving GDPR compliance by implementing technical and procedural measures, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data encryption and access control:<\/strong> Protecting personal data from unauthorized access and ensuring that only authorized persons can view sensitive information.<\/li>\n\n\n\n<li><strong>Secure storage and data retention:<\/strong> Storing personal data securely, in line with the principles of data minimization and storage limitation.<\/li>\n\n\n\n<li><strong>Supporting data subject rights:<\/strong> Allowing users to access, correct, erase or port their data on request.<\/li>\n\n\n\n<li><strong>Incident response planning:<\/strong> Detecting, reporting and handling data breaches within the 72-hour window GDPR gives for notifying the supervisory authority.<\/li>\n\n\n\n<li><strong>Regular audits and compliance monitoring:<\/strong> Continuously assessing and improving data security policies so that they match current regulation.<\/li>\n<\/ul>\n\n\n\n<p>The penalties are not theoretical. 
One example is the <a href=\"https:\/\/www.reuters.com\/technology\/amazon-loses-court-fight-against-record-812-mln-luxembourg-privacy-fine-2025-03-19\/\" target=\"_blank\" rel=\"noopener\">fine imposed on Amazon<\/a> of 746 million euros for improper personal data processing practices. The fine was based on a 2018 complaint by the French group La Quadrature du Net, which argued that Amazon's advertising targeting system operated without proper consent.<\/p>\n\n\n\n<p>The case illustrates the risk of internal data processing and protection policies that are out of line with GDPR.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. HIPAA: Protecting health data<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/hipaa-compliance-illustration-1024x683.png\" alt=\"HIPAA compliance img\" class=\"wp-image-3683\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/hipaa-compliance-illustration-1024x683.png 1024w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/hipaa-compliance-illustration-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/hipaa-compliance-illustration-768x512.png 768w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/hipaa-compliance-illustration-1536x1024.png 1536w, https:\/\/logmanager.com\/wp-content\/uploads\/2025\/04\/hipaa-compliance-illustration.png 2010w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-xs-font-size\"><a href=\"https:\/\/www.canva.com\" target=\"_blank\" rel=\"noopener\">source<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/laws-regulations\/index.html\" target=\"_blank\" rel=\"noopener\">The Health Insurance Portability and Accountability Act<\/a> (HIPAA) is a US federal law whose purpose is to protect patients' health information from unauthorized access, misuse and data breaches.<\/p>\n\n\n\n<p>The law applies to healthcare providers, health plans and any third parties (business associates) that handle patient health data. Violating HIPAA can lead to significant financial penalties, legal action and reputational damage.<\/p>\n\n\n\n<p>IT teams in healthcare and related fields must enforce strict security controls to meet HIPAA, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data encryption and access control:<\/strong> Protecting electronic health records (EHR) with strong encryption and role-based access restrictions.<\/li>\n\n\n\n<li><strong>Secure storage and transmission of PHI:<\/strong> Ensuring that all patient data, whether at rest or in transit, is protected from unauthorized access or interception.<\/li>\n\n\n\n<li><strong>Audit logs and monitoring:<\/strong> Keeping records of data access and changes to detect unauthorized activity and meet audit requirements.<\/li>\n\n\n\n<li><strong>Incident response and breach reporting:<\/strong> Having protocols in place to detect, contain and report breaches no later than 60 days after discovery, as the HIPAA Breach Notification Rule requires.<\/li>\n\n\n\n<li><strong>Regular risk assessments and compliance training:<\/strong> Performing periodic security assessments and educating staff on data protection best practices.<\/li>\n<\/ul>\n\n\n\n<p>Unlike GDPR, which covers all personal data, HIPAA focuses specifically on health information and the security of patient health records.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. PCI-DSS: Securing payment card data<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.pcisecuritystandards.org\/about_us\/\" target=\"_blank\" rel=\"noopener\">The Payment Card Industry Data Security Standard<\/a> (PCI-DSS) is a set of security rules designed to protect payment card transactions and payment data from fraud and breaches. 
It applies to every organization that processes, stores or transmits cardholder data, including retailers, e-commerce platforms and payment processors.<\/p>\n\n\n\n<p>Non-compliance with PCI-DSS can lead to fines, higher transaction fees and even the loss of the ability to accept card payments.<\/p>\n\n\n\n<p>To meet PCI-DSS requirements, IT teams must implement security measures to protect payment data, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Network segmentation and firewalls:<\/strong> Isolating payment systems from other networks and configuring firewalls to block unauthorized access.<\/li>\n\n\n\n<li><strong>Encryption and tokenization:<\/strong> Encrypting cardholder data at rest and in transit, and using tokenization so that sensitive card numbers are stored in as few places as possible.<\/li>\n\n\n\n<li><strong>Access control and authentication:<\/strong> Restricting access to payment data to those who need it and enforcing multi-factor authentication (MFA) for all administrative users.<\/li>\n\n\n\n<li><strong>Vulnerability management and patching:<\/strong> Regular security vulnerability testing, prompt application of software updates and quarterly network vulnerability scans.<\/li>\n\n\n\n<li><strong>Logging and monitoring:<\/strong> Centralized log collection for real-time fraud detection, with records retained for at least one year as the standard requires, the most recent three months being immediately available for analysis.<\/li>\n<\/ul>\n\n\n\n<p>Unlike GDPR or HIPAA, PCI-DSS is not a law. Compliance is nonetheless enforced by the major card brands, through acquiring banks and merchant agreements, on every business that accepts card payments. IT teams at affected organizations must therefore work with payment processors and security vendors to maintain a secure payment environment and prevent fraud.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6. SOC 2: Building trust in cloud and SaaS security<\/h3>\n\n\n\n<p><a href=\"https:\/\/soc2.co.uk\/\" target=\"_blank\" rel=\"noopener\">Service Organization Control 2 (SOC 2)<\/a>, now formally System and Organization Controls 2, is a voluntary cybersecurity framework developed by the American Institute of Certified Public Accountants (AICPA). 
Vztahuje se na poskytovatele cloudov\u00fdch slu\u017eeb, SaaS spole\u010dnosti a jak\u00e9koliv organizace, kter\u00e9 spravuj\u00ed z\u00e1kaznick\u00e1 data v cloudu.<\/p>\n\n\n\n<p>IT t\u00fdmy mus\u00ed neust\u00e1le monitorovat bezpe\u010dnostn\u00ed opat\u0159en\u00ed, dokumentovat soulad se standardem a p\u0159ipravovat se na audity, aby udr\u017eely status souladu se SOC 2.<\/p>\n\n\n\n<p>Soulad se SOC 2 je zalo\u017een na p\u011bti krit\u00e9ri\u00edch d\u016fv\u011bryhodn\u00fdch slu\u017eeb,kter\u00e9 IT t\u00fdmy mus\u00ed implementovat:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Bezpe\u010dnost:<\/strong> Ochrana z\u00e1kaznick\u00fdch dat pomoc\u00ed firewall\u016f, detekce pr\u016fnik\u016f a kontrol p\u0159\u00edstupu.<\/li>\n\n\n\n<li><strong>Dostupnost:<\/strong> Zaji\u0161t\u011bn\u00ed provozuschopnosti syst\u00e9m\u016f pomoc\u00ed redundance, monitoringu dostupnosti a pl\u00e1n\u016f obnovy po hav\u00e1ri\u00edch.<\/li>\n\n\n\n<li><strong>Integrita zpracov\u00e1n\u00ed:<\/strong> Prevence neopr\u00e1vn\u011bn\u00fdch \u00faprav dat prost\u0159ednictv\u00edm bezpe\u010dn\u00e9ho v\u00fdvoje softwaru a auditn\u00edch z\u00e1znam\u016f.<\/li>\n\n\n\n<li><strong>D\u016fv\u011brnost:<\/strong> \u0160ifrov\u00e1n\u00ed citliv\u00fdch z\u00e1kaznick\u00fdch dat a omezen\u00ed p\u0159\u00edstupu podle rol\u00ed.<\/li>\n\n\n\n<li><strong>Soukrom\u00ed:<\/strong> Prosazov\u00e1n\u00ed politik ochrany dat v souladu s dohodami o ochran\u011b soukrom\u00ed a o\u010dek\u00e1v\u00e1n\u00edmi u\u017eivatel\u016f.<\/li>\n<\/ul>\n\n\n\n<p>Na rozd\u00edl od ISO 27001, kter\u00e9 po \u00fasp\u011b\u0161n\u00e9m, akreditovan\u00e9m auditu ud\u011bluje form\u00e1ln\u00ed certifikaci, SOC 2 form\u00e1ln\u00ed certifikaci neposkytuje. Firmy m\u00edsto toho absolvuj\u00ed nez\u00e1visl\u00fd audit a obdr\u017e\u00ed report SOC 2, kter\u00fd hodnot\u00ed, jak dob\u0159e spl\u0148uj\u00ed bezpe\u010dnostn\u00ed standardy. 
Tato zpr\u00e1va slou\u017e\u00ed k prok\u00e1z\u00e1n\u00ed souladu z\u00e1kazn\u00edk\u016fm a partner\u016fm, ale nejedn\u00e1 se o ofici\u00e1ln\u00ed certifikaci.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7. FISMA: Posilov\u00e1n\u00ed kybernetick\u00e9 bezpe\u010dnosti feder\u00e1ln\u00edch instituc\u00ed v USA<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.cisa.gov\/topics\/cyber-threats-and-advisories\/federal-information-security-modernization-act\" target=\"_blank\" rel=\"noopener\">Z\u00e1kon o modernizaci feder\u00e1ln\u00ed bezpe\u010dnosti informac\u00ed<\/a> (FISMA) z roku 2014 si klade za c\u00edl modernizovat postupy kybernetick\u00e9 bezpe\u010dnosti pro americk\u00e9 feder\u00e1ln\u00ed agentury a jejich dodavatele. Vy\u017eaduje, aby Ministerstvo vnit\u0159n\u00ed bezpe\u010dnosti (DHS) hr\u00e1lo kl\u00ed\u010dovou roli v dohledu nad feder\u00e1ln\u00edmi iniciativami v oblasti kyberbezpe\u010dnosti, zat\u00edmco \u00da\u0159ad pro spr\u00e1vu a rozpo\u010det (OMB) vym\u00e1h\u00e1 dodr\u017eov\u00e1n\u00ed p\u0159edpis\u016f.<\/p>\n\n\n\n<p>Nedodr\u017een\u00ed po\u017eadavk\u016f FISMA m\u016f\u017ee v\u00e9st ke ztr\u00e1t\u011b vl\u00e1dn\u00edch zak\u00e1zek, zv\u00fd\u0161en\u00e9 regula\u010dn\u00ed kontrole a bezpe\u010dnostn\u00edm rizik\u016fm.<\/p>\n\n\n\n<p>Organizace pracuj\u00edc\u00ed s feder\u00e1ln\u00edmi daty mus\u00ed spl\u0148ovat po\u017eadavky FISMA 201, p\u0159edev\u0161\u00edm:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Nep\u0159etr\u017eit\u00fd monitoring a hodnocen\u00ed rizik<\/strong><\/li>\n\n\n\n<li><strong>Bezpe\u010dnostn\u00ed kontroly dle standard\u016f NIST<\/strong><\/li>\n\n\n\n<li><strong>Detekce a hl\u00e1\u0161en\u00ed naru\u0161en\u00ed bezpe\u010dnosti<\/strong><\/li>\n\n\n\n<li><strong>Form\u00e1ln\u00ed bezpe\u010dnostn\u00ed audity a p\u0159ezkumy compliance<\/strong><\/li>\n\n\n\n<li><strong>Pos\u00edlen\u00fd dohled ze strany DHS a OMB<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 
class=\"wp-block-heading\">Jak implementovat a udr\u017eovat IT compliance<\/h2>\n\n\n\n<p>Dos\u00e1hnout, a n\u00e1sledn\u011b udr\u017eovat soulad s p\u0159edpisy a standardy, m\u016f\u017ee b\u00fdt n\u00e1ro\u010dn\u00e9. Neexistuje univerz\u00e1ln\u00ed \u0159e\u0161en\u00ed, ale n\u00e1sleduj\u00edc\u00ed kroky p\u0159edstavuj\u00ed praktick\u00fd p\u0159\u00edstup, kter\u00fd mohou organizace vyu\u017e\u00edt k dosa\u017een\u00ed a udr\u017een\u00ed IT compliance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Prove\u010fte anal\u00fdzu mezer v compliance (gap anal\u00fdza)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Ne\u017e organizace p\u0159istoup\u00ed ke zm\u011bn\u00e1m, mus\u00ed vyhodnotit sv\u016fj aktu\u00e1ln\u00ed stav v\u016f\u010di regula\u010dn\u00edm po\u017eadavk\u016fm. To zahrnuje:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>P\u0159ezkoum\u00e1n\u00ed existuj\u00edc\u00edch bezpe\u010dnostn\u00edch politik a kontrol.<\/li>\n\n\n\n<li>Audit IT infrastruktury a opat\u0159en\u00ed na ochranu dat.<\/li>\n\n\n\n<li>Identifikaci a n\u00e1pravu oblast\u00ed nesouladu.<\/li>\n<\/ul>\n\n\n\n<p>Form\u00e1ln\u00ed zpr\u00e1va, gap anal\u00fdza, pom\u00e1h\u00e1 organizac\u00edm prioritizovat zlep\u0161en\u00ed na z\u00e1klad\u011b \u00farovn\u011b rizika a dopadu na podnik\u00e1n\u00ed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Vypracujte pl\u00e1n n\u00e1pravy<\/h3>\n\n\n\n<p>V tomto kroku je c\u00edlem za\u010d\u00edt pracovat na n\u00e1prav\u011b, odstran\u011bn\u00ed zji\u0161t\u011bn\u00fdch nedostatk\u016f v compliance. 
Efektivn\u00ed pl\u00e1n n\u00e1pravy by m\u011bl zahrnovat:<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Zav\u00e1d\u011bn\u00ed nov\u00fdch bezpe\u010dnostn\u00edch opat\u0159en\u00ed tam, kde je to pot\u0159eba.<\/li>\n\n\n\n<li>Aktualizaci politik spr\u00e1vy p\u0159\u00edstup\u016f tak, aby u\u017eivatel\u00e9 m\u011bli pouze nezbytn\u00e1 opr\u00e1vn\u011bn\u00ed.<\/li>\n\n\n\n<li>\u0158e\u0161en\u00ed zranitelnost\u00ed v infrastruktu\u0159e, softwaru a ukl\u00e1d\u00e1n\u00ed dat.<\/li>\n<\/ul>\n\n\n\n<p>Pl\u00e1n n\u00e1pravy mus\u00ed p\u0159i\u0159adit jasn\u00e9 odpov\u011bdnosti a stanovit term\u00edny pro proveden\u00ed zm\u011bn.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Nastavte jasn\u00e9 politiky a postupy<\/h3>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Compliance vy\u017eaduje dokumentaci aplikovan\u00fdch politik, kter\u00e9 definuj\u00ed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Jak\u00fdm zp\u016fsobem jsou data sb\u00edr\u00e1na, zpracov\u00e1v\u00e1na a ukl\u00e1d\u00e1na v souladu se z\u00e1kony jako GDPR.<\/li>\n\n\n\n<li>Mechanismy kontroly p\u0159\u00edstupu, v\u010detn\u011b v\u00edcefaktorov\u00e9 autentizace (MFA) a opr\u00e1vn\u011bn\u00ed zalo\u017een\u00fdch na rol\u00edch.<\/li>\n\n\n\n<li>Postupy reakce na incidenty, aby bylo zaji\u0161t\u011bno spr\u00e1vn\u00e9 \u0159e\u0161en\u00ed a hl\u00e1\u0161en\u00ed bezpe\u010dnostn\u00edch incident\u016f v po\u017eadovan\u00fdch lh\u016ft\u00e1ch.<\/li>\n<\/ul>\n\n\n\n<p>Tyto politiky mus\u00ed b\u00fdt snadno dostupn\u00e9 a pravideln\u011b aktualizovan\u00e9 s ohledem na nov\u00e9 hrozby a regulace.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. \u0160kolte zam\u011bstnance v oblasti compliance<\/h3>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Mnoho poru\u0161en\u00ed compliance je zp\u016fsobeno lidskou chybou. 
\u0160kolen\u00ed o bezpe\u010dnosti a compliance procesech je proto z\u00e1sadn\u00ed. Osoby odpov\u011bdn\u00e9 za \u0159\u00edzen\u00ed compliance by proto m\u011bli:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vzd\u011bl\u00e1vat zam\u011bstnance o odpov\u011bdnosti za ochranu dat.<\/li>\n\n\n\n<li>\u0160kolit zam\u011bstnance v rozpozn\u00e1v\u00e1n\u00ed phishingov\u00fdch \u00fatok\u016f a bezpe\u010dnostn\u00edch hrozeb.<\/li>\n\n\n\n<li>Zav\u00e9st bezpe\u010dn\u00e9 postupy p\u0159i nakl\u00e1d\u00e1n\u00ed s citliv\u00fdmi informacemi.<\/li>\n<\/ul>\n\n\n\n<p>Pravideln\u00e9 opakovac\u00ed \u0161kolen\u00ed zajist\u00ed, \u017ee bezpe\u010dnost z\u016fstane prioritou v cel\u00e9 organizaci.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. Zave\u010fte pr\u016fb\u011b\u017en\u00fd monitoring a audity<\/h3>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>IT compliance nen\u00ed jednor\u00e1zov\u00fd c\u00edl nebo aktivita. Vy\u017eaduje neust\u00e1l\u00fd dohled. IT t\u00fdmy by m\u011bly:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pou\u017e\u00edvat automatizovan\u00e9 n\u00e1stroje pro detekci poru\u0161en\u00ed politik a bezpe\u010dnostn\u00edch incident\u016f.<\/li>\n\n\n\n<li>Pravideln\u011b prov\u00e1d\u011bt intern\u00ed audity k ov\u011b\u0159en\u00ed souladu s bezpe\u010dnostn\u00edmi r\u00e1mci.<\/li>\n\n\n\n<li>Pl\u00e1novat extern\u00ed audity pro certifikace, nap\u0159\u00edklad ISO 27001.<\/li>\n<\/ul>\n\n\n\n<p>V ide\u00e1ln\u00edm p\u0159\u00edpad\u011b by vybran\u00e9 IT syst\u00e9my m\u011bly generovat zpr\u00e1vy, kter\u00e9 usnadn\u00ed prok\u00e1z\u00e1n\u00ed compliance dozorov\u00fdm org\u00e1n\u016fm, auditor\u016fm nebo pro pot\u0159eby vnit\u0159n\u00ed kontroly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6. 
Sledujte zm\u011bny v regulac\u00edch<\/h3>\n\n\n\n<p>Standardy compliance se v \u010dase vyv\u00edjej\u00ed, proto mus\u00ed IT t\u00fdmy:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sledovat aktualizace regulac\u00ed, kter\u00e9 ovliv\u0148uj\u00ed jejich odv\u011btv\u00ed.<\/li>\n\n\n\n<li>Pravideln\u011b revidovat a aktualizovat bezpe\u010dnostn\u00ed politiky.<\/li>\n\n\n\n<li>Zaji\u0161\u0165ovat, aby compliance software a n\u00e1stroje pro monitoring z\u016fstaly efektivn\u00ed.<\/li>\n<\/ul>\n\n\n\n<p>Zakotven\u00edm compliance do ka\u017edodenn\u00edho IT provozu mohou firmy sn\u00ed\u017eit rizika, vyhnout se sankc\u00edm a udr\u017eet si soulad s p\u0159edpisy.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">IT compliance nen\u00ed o napl\u0148ov\u00e1n\u00ed checkbox\u016f<\/h2>\n\n\n\n<p>Soulad s p\u0159edpisy a standardy je d\u016fle\u017eit\u00e1 sou\u010d\u00e1st ochrany podnik\u00e1n\u00ed, zabezpe\u010den\u00ed dat z\u00e1kazn\u00edk\u016f a budov\u00e1n\u00ed d\u016fv\u011bry. Dr\u017eet krok s m\u011bn\u00edc\u00edmi se regulacemi a sou\u010dasn\u011b zvl\u00e1dat bezpe\u010dnostn\u00ed hrozby m\u016f\u017ee b\u00fdt ale n\u00e1ro\u010dn\u00e9. 
Vy\u017eaduje to neust\u00e1l\u00fd monitoring, hodnocen\u00ed rizik a udr\u017eov\u00e1n\u00ed spr\u00e1vn\u011b funguj\u00edc\u00edch bezpe\u010dnostn\u00edch opat\u0159en\u00ed.<\/p>\n\n\n\n<p>Chcete-li se dozv\u011bd\u011bt v\u00edce o praktick\u00e9m vyu\u017eit\u00ed log managementu p\u0159i pln\u011bn\u00ed compliance po\u017eadavk\u016f, pod\u00edvejte se na n\u00e1\u0161 blog o regulaci <a href=\"https:\/\/logmanager.com\/cs\/?post_type=learning_hub&amp;p=7178\" data-type=\"link\" data-id=\"https:\/\/logmanager.com\/cs\/learn\/narizeni-dora-a-log-management\/\">DORA<\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zjist\u011bte, co v\u0161e IT compliance obn\u00e1\u0161\u00ed a jak\u00e9 jsou kl\u00ed\u010dov\u00e9 regulace.<\/p>\n","protected":false},"author":4,"featured_media":1113,"parent":0,"template":"","learning_hub_tag":[],"class_list":["post-7191","learning_hub","type-learning_hub","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub\/7191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub"}],"about":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/types\/learning_hub"}],"author":[{"embeddable":true,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/users\/4"}],"version-history":[{"count":11,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub\/7191\/revisions"}],"predecessor-version":[{"id":7221,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub\/7191\/revisions\/7221"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/media\/1113"}],"wp:attachment":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/media?parent=7191"}],"wp:term":[{"taxonomy":"learning_hub_tag","embeddable":true,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub_tag?post=7191"}],"curies":[{"
name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}