IT Security Audit
Regular Checks to Protect Your Assets
IT Security Audits Tailored to Your Requirements
Designing and establishing your organisation's IT security management system (ISMS) is an important step towards reliable IT security, but not the last one: once implemented, your ISMS should be assessed in regular intervals. These security audits keep you up to date regarding maturity level and implementation status, and they constitute an irreplaceable contribution to the security of your data and assets. In addition, IT security audits help you comply with your legal obligations to apply appropriate risk management measures within your organisation.
plan42 offers IT security audits tailored to meet the specific requirements of your company: we conduct audits based on a number of different German and international frameworks such as ISO 27001, IT-Grundschutz, CobiT, Sicherer IT-Betrieb etc., and apply them to the business units of your choice.
In a kick-off meeting preceding the actual audit, we work with you to define in detail the procedure, schedule, and contact persons for the audit project.
2 Examining Your Documentation
The next step is for us to review the documents you have provided, including, inter alia, user manuals, responsibilities, and operational concepts.
Interviews with contact persons from different groups (e.g. development, end users etc.) clarify questions regarding organisational implementation and technical conception.
4 On-Site Audit
We use on-site inspections to spot-check whether the processes described in your documentation are also used in practice.
5 Audit Report
The audit report summarises our results , evaluates the risk of the identified vulnerabilities and provides measures for immediate and medium-term improvement.
6 Final Presentation
A final presentation supplementing the report provides a summary of our findings alongside adequate measures to optimise your strategy.
Combining Security Audit and Usability Test
In many cases, it can be useful to evaluate the implementation of security controls in the context of usability, e.g. when controls implemented in online applications may confront users with difficulties. Often, however, usability concepts tailored to the target group can compensate a lot of these difficulties.
This is why plan42 also offers a combination of security audit and usability test to develop strategies that enable you to increase user acceptance - without impairing security. Our case study on IT security vs. usabilitygives you an idea of what such strategies can look like.
And what can we do for you?
Would you like to learn more about our IT security audits? Please feel free to contact us.