Audits & analyses

secunet supports audit preparation and assistance within the scope of certification audits for the areas of information security, business continuity, data protection and OT security. In addition, we carry out benchmarks and maturity checks and create situation reports on the current security situation. The aim is always to identify the need for action and to fulfil the relevant legal and regulatory requirements.

Security analyses

Gap analyses, benchmarks or maturity audits are based on secunet best practices, government and industry standards, customer-specific requirements, our decades of auditing experience and our knowledge of the state of the art in a wide range of sectors.

We define individual focal points on request - entirely according to the needs of our customers.

Audit preparation and monitoring of a certification audit

Organisations preparing for the certification of a management system are faced with a multitude of tasks. In particular, the initial certification audit often poses a special challenge. Maintaining a certification, on the other hand, requires regular surveillance and recertification audits.

With this in mind, secunet offers support for audit preparation and audit defense.

In doing so, we prepare organisations and the relevant stakeholders for the audit situation and provide support in compiling the documents and records. We conduct training sessions in which the audit process is simulated and any "pitfalls" can be practiced or discussed. We are also happy to provide support during the audit and in the follow-up to audits.

Implementation of 1st and 2nd-party audits

secunet carries out 1st party audits ("internal audits") and 2nd party audits ("supplier audits") in accordance with the requirements for management systems.
Each audit carried out by secunet is based on defined process steps.

The tests are carried out in accordance with the respective underlying standards:

  • ISO/IEC 27001 for information security management systems
  • BSI Standard 200-2 for information security management systems based on ISO 27001
  • IT security catalogs in accordance with § 11 1a and 1b for energy plants and transportation
  • Industry-specific security standards (B3S) for numerous KRITIS sectors
  • ISO 22301 for business continuity management systems
  • IEC 62443 for the area of industrial plants, process networks and control systems

We offer a special form of analysis with the cybersecurity situation report, which combines various forms of analysis. It covers the information, IT and OT security of an organisation.

Cybersecurity situation

We offer a special form of analysis in the form of the cybersecurity situation.
Contact request
Do you still have questions about our consulting products?

If you have any questions, please send us an inquiry via the contact form. We are happy to help.
