Gap analyses, benchmarks or maturity audits are based on secunet best practices, government and industry standards, customer-specific requirements, our decades of auditing experience and our knowledge of the state of the art in a wide range of sectors.
We define individual focal points on request - entirely in line with our customers' needs.
Audit preparation and support of a certification audit
Organizations preparing for management system certification, whether driven by external or internal requirements, face a variety of tasks. To maintain a certification, surveillance and recertification audits are required at planned intervals. The first certification audit in particular is a special challenge: the procedures have not yet been internalized, the approach of the certification bodies and auditors is still unfamiliar, and concerns about the "audit situation" are often at the forefront, so a smooth process cannot yet be taken for granted.
With this in mind, secunet offers support for audit preparation and audit defense.
In doing so, we prepare organizations and the relevant stakeholders for the audit situation and support them in compiling the required documents and records. We conduct training sessions in which the audit process is simulated and typical "pitfalls" can be rehearsed and discussed. We are also happy to provide support during the audit itself and in the follow-up to audits.
Conducting 1st- and 2nd-party audits
secunet conducts 1st-party audits ("internal audits") and 2nd-party audits ("supplier audits") in accordance with the requirements for management systems.
Each audit conducted by secunet is based on defined process steps.
The audits are carried out in accordance with the respective underlying standards:
- ISO/IEC 27001 for information security management systems
- BSI Standard 200-2 (IT-Grundschutz methodology) for information security management systems certified to ISO 27001 on the basis of IT-Grundschutz
- IT security catalogues under § 11 (1a) and (1b) EnWG for energy network operators and energy plants
- Industry-specific security standards (B3S) for numerous KRITIS (critical infrastructure) sectors
- ISO 22301 for business continuity management systems
- IEC 62443 for industrial plants, process networks and industrial automation and control systems
As a special form of analysis, we offer the cybersecurity situation picture, which combines several types of analysis and covers an organization's information, IT and OT security.