A case study of security audit in tax offices will be presented. The audit was conducted according to legal requirements of The Tax Directorate of the Slovak Republic, namely: · the Law No. 275/2006 and the order of Ministry of Finance of Slovak Republic No. 312/2010. · The Law 428/2002 on personal data protection · ISO/IEC 27002 norm (good practice of information security management) · Internal directive of The Tax Office of the Slovak Republic for information security The presentation will also cover the objectives of the audit, its process and structure of outcomes.