IS-Revision

Security Optimisation following BSI Guidelines

Regular assessments of implemented security controls and processes are essential when it comes to permanently maintain an adequate level of information security. To cater for this demand, the German Federal Office for Information Security (BSI) has developed the "IS-Revision" concept: in contrast to our general IT security audits, this audit procedure specifically addresses organisations that have implemented IT-Grundschutz, but, in the initial stage, do not seek certification. For German federal agencies, "IS-Revisions" are even mandatory. The objective is to help IT organisations in the implementation and optimisation of security controls.

Having earned the official title of "IS-Revisors", our security consultants are competent and reliable partners for "IS-Revision" audits in your organisation, following the official BSI guideline:

1 Preparing the Assessment

In a kick-off meeting, we clarify with you general aspects such as the project schedule, contacts persons, relevant documents etc.

2 Creating the Assessment Plan

Based on the documentation you provide, our experts gain an overview of your IT organisation and develop an assessment plan.

3 Examining Your Documentation

In the next step, we review your documentation, focusing on completeness and comprehensibility as well as the adequacy of the implemented controls.

4 Carrying out the On-Site Audit

An on-site audit allows us to spot-check whether the processes described in your documentation are also used in practice.

5 Evaluating the Results

Following the audit, we evaluate all the information collected, which serves as the basis for our final assessment.

6 Creating the Report

The findings of the audit are summarized in a detailed report, and supplemented with recommendations for improvement.