IT Security Audits based on IT-Grundschutz
Security Optimisation following BSI Guidelines
Regular assessments of implemented security controls and processes are essential when it comes to permanently maintain an adequate level of information security. To cater for this demand, the German Federal Office for Information Security (BSI) has developed the "IS-Revision" concept: in contrast to our general IT security audits, this audit procedure specifically addresses organisations that have implemented IT-Grundschutz, but, in the initial stage, do not seek certification. For German federal agencies, "IS-Revisions" are even mandatory. The objective is to help IT organisations in the implementation and optimisation of security controls.
Having earned the official title of "IS-Revisors", our security consultants are competent and reliable partners for "IS-Revision" audits in your organisation, following the official BSI guideline:
1 Preparing the Assessment
In a kick-off meeting, we clarify with you general aspects such as the project schedule, contacts persons, relevant documents etc.
2 Creating the Assessment Plan
Based on the documentation you provide, our experts gain an overview of your IT organisation and develop an assessment plan.
3 Examining Your Documentation
In the next step, we review your documentation, focusing on completeness and comprehensibility as well as the adequacy of the implemented controls.
4 Carrying out the On-Site Audit
An on-site audit allows us to spot-check whether the processes described in your documentation are also used in practice.
5 Evaluating the Results
Following the audit, we evaluate all the information collected, which serves as the basis for our final assessment.
6 Creating the Report
The findings of the audit are summarized in a detailed report, and supplemented with recommendations for improvement.
IT Security Consulting and Audit Certification
A certification procedure developed by the BSI allows IS professionals to earn the title of an “IS-Revisor”, an IT security consulting and audit expert. plan42 security consultants have earned this title as an official proof of their competence to support government agencies with the creation and implementation of security concepts and the completion of IT security audits following the guidelines for IT security audits based on IT-Grundschutz.
And what can we do for you?
Would you like to learn more about our services regarding "IS-Revision"? Please feel free to contact us.