We conduct audits and assessments in the areas of organisation, technology, law, infrastructure and people.
We use audit methods such as the analysis of existing requirements and documentation, personal questioning (interviews), inspections, observations of work carried out, sampling and technical system checks (e.g. penetration tests, cloud security assessments, configuration and hardening checks).
We base our measurements on internationally recognised standards such as ISO 19011, ISO 27001/ISO 27002, ISO 27017, ISO 27018, ISO 27701, ISO 22301 or the NIST Cyber Security Framework. Our specialists also use other recognised specifications and frameworks for audits and assessments, such as the FONES ICT minimum standard, the FINMA circulars, COBIT, PCI DSS, OWASP or CIS Controls.
Integral audits
We examine the audit area systematically and measurably in one or more of the five areas (organisation, technology, law, infrastructure and people) with the experience of proven specialists.
Information security audits
The information security health check or a comprehensive audit of your information security management system (ISMS) provides additional control knowledge and is a useful corporate management tool.
Data protection audits
We check whether legal requirements are met and, for example, whether CRM, ERP or HR applications comply with data protection requirements. However, an audit also focuses on people and their awareness of data protection.
IT security audits
We check the technical security of your IT infrastructure or individual systems and/or applications systematically and with a lot of experience according to a proven procedural model.
BCM / ITSCM tests and assessments
We will support you in carrying out BCM / ITSCM tests and audits to test whether your Business Continuity Management or IT Service Continuity Management meets the requirements in case of need.
