Audits & analyses

secunet provides support in audit preparation and during certification audits in the areas of information security, business continuity, data protection and OT security. In addition, we conduct benchmarks and maturity checks and create situation reports on the current security situation, always with the aim of identifying areas where action is needed and meeting relevant legal and regulatory requirements.

Security analyses

Gap analyses, benchmarks or maturity audits are based on secunet best practices, government and industry standards, customer-specific requirements, our decades of auditing experience and our knowledge of the state of the art in a wide range of sectors.

We define individual focal points on request - entirely in line with our customers' needs.

Audit preparation and support of a certification audit

Organizations preparing for management system certification, due to external or internal requirements, face a variety of tasks. To maintain a certification, surveillance and recertification audits are necessary at planned intervals. The first certification audit in particular is a special challenge for organizations. The procedures have not yet been internalized, the approach of the inspection bodies and auditors is still unknown, and concerns regarding the "audit situation" are often still at the forefront, so that a smooth process cannot yet be taken for granted.

With this in mind, secunet offers support for audit preparation and audit defense.

In doing so, we prepare organizations and the relevant stakeholders for the audit situation and provide support in compiling the documents and records. We conduct training sessions in which the audit process is simulated and any "pitfalls" can be practiced or discussed. We are also happy to provide support during the audit and in the follow-up to audits.

Implementation of 1st and 2nd-party audits

secunet conducts 1st-party audits ("internal audits") and 2nd-party audits ("supplier audits") in accordance with the requirements for management systems.
Each audit conducted by secunet is based on defined process steps.

The tests are carried out in accordance with the respective underlying standards:

  • ISO/IEC 27001 for information security management systems
  • BSI Standard 200-2 for information security management systems based on ISO 27001
  • IT security catalogs in accordance with § 11 1a and 1b for energy plants and transportation
  • Industry-specific security standards (B3S) for numerous KRITIS sectors
  • ISO 22301 for business continuity management systems
  • IEC 62443 for the area of industrial plants, process networks and control systems

With the cybersecurity situation picture, we offer a special form of analysis that combines various forms of analysis. It covers the information, IT and OT security of an organization.
