IT Audits, certification and Cyber Security
Due to the constant development of IT technologies, applications and frequent organizational changes, IT systems of companies and public authorities are subject to permanent change. As a result, after each change or adaptation of the IT environment, the effect of these changes on the underlying business processes and the protection goals of information security has to examined. Additional uncertainties arise from the multitude of threat scenarios and their further development into increasingly sophisticated variants.
Current and potential customers, suppliers, auditors, authorities, and other stakeholders have a fundamental interest in comprehensive information security of the company concerned and the correct functioning of its business and accounting-relevant processes. Specific verification obligations also result from regulatory and legal requirements for corporate IT.
Verification and confirmation of the correct functioning of the IT environment, compliance with information security and fulfilment of the legal requirements often require auditing support and expertise from external specialists.
Increasing demands on information security require a methodical approach to managing the risks involved. The quality of risk management determines the effectiveness and efficiency of the Information Security Management System (ISMS). We work with you to develop the relevant processes and controls and prepare you for an audit.
Cyber-attacks can be triggered by phishing, hacking, data breaches and data loss. Previous protective measures are no longer sufficient. We develop suitable concepts with you to achieve an appropriate level of cyber security.
The term resilience is derived from the Latin “resilire” (for to bounce back or rebound). Originally, it meant the physical ability of a body to bounce back to its original form after changing shape. Resilience applied to the company means that it should build up and train various measures to survive crises. We support you before the crisis, but also in a crisis.
What do we offer?
Our experts support you in auditing your IT environment on the basis of the legal requirements, along international and national auditing standards, as well as using best practice and profiting from many years of experience.
The following audits, certifications and attestations services are part of our portfolio:
- IT audit as part of the annual audit of auditors’ financial statements
- Audit and certification of information security based on the relevant standards
- Compliance audits for legal/regulatory requirements
- Audit and certification of cloud security
- Audit and certification of data centers
- Software audits and certification
- Audit and certification of internal control systems of service providers
- Cloud & Cyber Security Compliance checks
- Cyber Insurance readiness reviews
Based on your specific problem, objectives, and the current status quo, we define in close cooperation with you the approach for the audit and assessment in order to obtain the respective certification. Our experts have many years of experience in establishing audit and certification readiness as well as in the efficient execution of IT audits parallel to the ongoing day-to-day business of the IT department. We work closely with you and always offer you transparency and clarity about the status of our audits and the progress of the certification activities.