Audits

Improve security by uncovering vulnerabilities through audits and assessments!

We conduct audits and assessments in the areas of organisation, technology, law, infrastructure and people.

We use audit methods such as the analysis of existing requirements and documentation, personal questioning (interviews), inspections, observations of work carried out, sampling and technical system checks (e.g. penetration tests, cloud security assessments, configuration and hardening checks).

We base our measurements on internationally recognised standards such as ISO 19011, ISO 27001/ISO 27002, ISO 27701, ISO 22301 or the NIST Cyber Security Framework. Our specialists also use other recognised specifications and frameworks for audits and assessments, such as the FONES ICT minimum standard, the FINMA circulars, COBIT, PCI DSS, OWASP or CIS Controls.
Reto Steinmann
Head of Consulting


Integral audits

We examine the audit area systematically and measurably in one or more of the five areas (organisation, technology, law, infrastructure and people) with the experience of proven specialists.



Information security audits

The information security health check or a comprehensive audit of your information security management system (ISMS) provides additional control knowledge and is a useful corporate management tool.


Data protection audits

We check whether legal requirements are met and, for example, whether CRM, ERP or HR applications comply with data protection requirements. However, an audit also focuses on people and their awareness of data protection.


IT security audits

We check the technical security of your IT infrastructure or of individual systems and applications systematically, drawing on extensive experience and following a proven procedural model.



Social engineering / phishing

Social engineering is the planning and execution of attacks on information and systems by exploiting the "human vulnerability", including attacks such as email phishing.

Social engineering can be carried out as an audit or with a focus on awareness.


BCM / ITSCM tests and audits

To test whether your Business Continuity Management or IT Service Continuity Management meets the requirements when it is needed, we support you in carrying out BCM / ITSCM tests and audits.


