According to the order, the cyber security auditor can be any natural or legal person who
performs on the territory of Romania the security audit activity of networks and computer
systems that provide essential services or provide digital services to identify malfunctions and
vulnerabilities and provide solutions remedy them.
For the issuance, revocation or renewal of certificates of cybersecurity auditors who can
perform audits in networks and computer systems that support essential services or provide
digital services is the National Cyber Security Incident Response Center – CERT-RO.
The cybersecurity auditor certificate is obtained based on the application for issuing the
cybersecurity auditor certificate and the file for issuing the cybersecurity auditor certificate.
60 days before the expiration of the validity term of the certificate, the cyber security auditor
will request CERT-RO, the renewal of the certificate by completing and sending a request
regarding the renewal of the security auditor certificate.