Comprehensive audit services for information security standards and compliance (legal and regulatory requirements)
We perform targeted audits against legal and regulatory requirements, e.g.
- Information Security Act
- DORA
- NIS-2

or against standards such as
- ISO 14001, 22301, 27001, 27017, 27018, 27701, 50001
- NIST Cybersecurity Framework
- ICT minimum standards
We also cover the following topics:
- Audits based on the “Guidelines on information security and data protection audits” of the Federal Social Insurance Office
- Third-party risk assessment
Our audit approach:
- Kick-off / planning:
  - Definition of audit criteria and objectives in close consultation with the customer
- Implementation:
  - Systematic collection and analysis of relevant data through document review, interviews, technical checks and on-site visits
- Final report:
  - Preparation of a detailed audit report with clear recommendations and support in implementing improvement measures
- Final presentation / debriefing
We accompany you from planning through implementation to the final report – with clear analyses, concrete recommendations for action and active support during implementation. This enables you to create transparency, reduce risks and meet regulatory requirements in a sustainable manner.