A requirement for the improvement of the quality management for the Romanian companies that are integrated in the European environment is represented by the development of an informational partnership between the actors involved in the company network. This partnership must be characterized by credibility, conformity, performance and security. The IT&C system represent the hardware and software support of this partnership, and the IT audit is the process that certify it’s conformity. In the audit process, the main accent is on the security audit due to the importance of the vulnerabilities, threats and IT risk analysis. The list of measures that are proposed at the end of the audit to company management should be incorporated in the company security policy, that is the starting point for the ISMS – Information Security Management System, part of the company general management system. The implementation of the Business Continuity and Disaster Recovery Plan is one of the most important measures in order to increase the confidence level of the business partners and to provide safe environment for business continuance.

Management, IT&C Systems, IT Audit, ISMS, Security Policy, Business Continuity, Disaster Recovery Plan