Audits
We audit a wide variety of organizations in a wide variety of fields in cooperation with DEKRA Certification GmbH and the BSI (Federal Office for Information Security). Our security consultants already keep the certification in mind during the consulting phase – that is our strength.
Audits with DS DATA SYSTEMS
DS DATA SYSTEMS uses a systematic approach to prepare your organization for compliance with relevant standards and/or legal regulations. Conducting audits helps identify areas for improvement to enhance your level of security matureness. We do not only check whether legal and contractual requirements are adhered to (compliance), but also analyze existing documentation, processes and IT systems.
For almost 30 years, DS DATA SYSTEMS has been an expert for information security, data protection and security technology. We have advised organizations ranging from medium-sized businesses up to international corporations regardless of size and industry, as well as federal and state governments.
Your advantages:
- Industry-independent
- Active worldwide
- Almost 30 years of market experience
- Discreet and careful
- Personal and individual
- Cost-oriented
Your advantages:
- Industry-independent
- Active worldwide
- Almost 30 years of market experience
- Discreet and careful
- Personal and individual
- Cost-oriented
Why audits?
The benefits of audits are greater than the costs incurred to conduct them.
The objective of a security audit is to determine whether the security equipment and procedures in place meet the applicable security requirements and are effective enough to minimize the risks to the organization. Normally, an audit is conducted regularly according to a specific time-schedule with the goal of uncovering weaknesses in good time and remedying these sustainably.
Our security consultants are certified for accredited audits by the certification body DEKRA Certification GmbH as:
- Lead Auditor ISO/IEC 27001, ISO/IEC 20000-1, ISO 22301
- Lead Auditor ISO 27701
- Assistant TISAX®-Auditor
OUr consultants are certified by the Federal Office for Information Security (BSI):
- Certified audit teamlead for the execution of ISO 27001 audits based on the BSI IT-Grundschutz
Further certifications:
- Auditor according to §8a BSIG / KRITIS
The following provides an overview of the topics we can audit:
ISO/IEC 27001
ISO/IEC 27001 is an international standard for information security management systems (ISMS) that specifies how companies and organizations should organize and monitor their information security. An ISO/IEC 27001 audit is a process, where an independent, external party reviews the implementation and effectiveness of an organization’s ISMS system to ensure that it meets the requirements of the standard/norm.
An ISO/IEC 27001 audit typically involves a comprehensive review of the company’s or organization’s ISMS processes, procedures, and systems, including document reviews.
ISO 27001 on the basis of BSI IT-Grundschutz
The BSI IT-Grundschutz is a framework developed by the German Federal Office for Information Security (BSI) and provides a method for implementing ISMS systems predominantly, but not exclusively, for German companies and organizations.
An ISO 27001 audit based on BSI IT-Grundschutz is an audit whereby an independent, external party reviews the implementation and effectiveness of a company’s or organization’s ISMS system according to the requirements of the ISO 27001 standard and the recommendations of the BSI IT-Grundschutz framework.
VDA ISA (TISAX®)
VDA ISA, also known as TISAX® (Trusted Information Security Assessment Exchange), is an audit procedure for information security developed by the German automotive industry. It was developed by the German Association of the Automotive Industry (VDA) in cooperation with the German Federal Office for Information Security (BSI) and is used to check the information security of suppliers and service providers for the automotive industry.
An audit in accordance with the VDA ISA (TISAX®) comprises a comprehensive review of a company’s ISMS processes, procedures and systems, including document reviews.
If an company meets the requirements of the VDA ISA (TISAX®), it is usually awarded a label (to demonstrate passing the audit).
Audit according to §8a BSIG (KRITIS)
Paragraph 8a of the BSI Act (BSIG), also known as the Critical Infrastructure Act (KRITIS), is German legislation that defines rules for the security of critical infrastructures. Critical infrastructure means facilities and establishments that are essential for maintaining public safety and order, and secure the basic needs of the general public.
An audit according to §8a BSIG is a process in which an independent, external party reviews the security of critical infrastructures to ensure that they meet the requirements of the law. An audit typically involves a comprehensive review of the critical infrastructure’s security processes, procedures, and systems, including document reviews.
ISO 22301
ISO 22301 is an international standard for business continuity management (BCM) that specifies how companies and organizations should organize, maintain and monitor their ability to respond to unforeseen events. An ISO 22301 audit is a process where an independent, external party reviews the implementation and effectiveness of an organization’s BCM system to ensure that it meets the requirements of the standard.
An ISO 22301 audit generally involves a comprehensive review of an organization’s BCM processes, procedures, and systems, including document reviews.
ISO/IEC 20000-1
ISO/IEC 20000-1 is an international standard for IT service management (ITSM) and outlines requirements for processes, systems and the organization itself, that delivers IT-services. An ISO/IEC 20000-1 audit is a process where an independent, external party reviews the implementation and effectiveness of an organization’s ITSM system to ensure that it meets the requirements of the standard.
ISO/IEC 20000-1 auditing generally involves a comprehensive review of an organization’s ITSM processes, procedures, and systems, including document reviews.
ISO/IEC 27701
ISO/IEC 27701 is an international standard and serves as an extension of the ISO 27001 Information Security Management System (ISMS) for the management and processing of personal data, especially with regard to the requirements of the EU General Data Protection Regulation (GDPR). An ISMS according to ISO 27001 is a prerequisite for this audit. An ISO/IEC 27701 audit is a process where an independent, external party reviews the implementation and effectiveness of an organization’s ISMS system with regards to the management of personal data to ensure that it meets the requirements of the standard.
An ISO/IEC 27701 audit generally involves a comprehensive review of an organization’s ISMS processes, procedures, and systems with regards to the management of personal data. This generally involves document reviews, conducting performance tests and verifications.
Data protection audit
A data protection audit is a process where an independent, external party reviews the implementation and effectiveness of an organization’s data protection policies and procedures to ensure that they comply with applicable data protection laws and regulations. A data protection audit can be conducted according to national and international requirements, depending on which laws and regulations apply to the company or organization.
A data protection audit generally involves a comprehensive review of an organization’s data protection processes, procedures, and systems, including document reviews. The goal of the audit is to determine whether the organization manages and monitors its data protection measures appropriately, complying with applicable laws. However, it is not a certification audit.
Service provider and supplier audits
A service provider and supplier audit is a process where a company or organization reviews the compliance with standards (and for example internal requirements), as well as capabilities of its service providers and suppliers. Its purpose is to ensure that service providers and suppliers live up to the expected, agreed-upon services and fulfill their obligations. This includes satisfying quality, safety, emergency management, environmental and ethical standards.
A service provider and supplier audit generally involves a comprehensive review of a service provider’s or supplier’s processes, procedures and systems, including document reviews.
Internal audit
An internal audit is usually conducted by the employees of an organization or company themselves. The main task here is to identify weaknesses in security procedures and propose remediations. For example, this can be done by regularly reviewing records or conducting spot checks in individual areas. However, it can be prudent to have internal audits performed by external persons in order to prevent conflicts of interest, subjective views and possible operational blindness.
Physical security audit
A physical security audit is a review of the physical security measures of a company or organization. Physical security is concerned with the measures taken to prevent hazards from direct, physical (bodily) impact on objects.
Physical security starts with simple measures, such as locked computer enclosures and extends to access-protection systems in data centers. These can include physical doors and windows, video surveillance systems, alarm systems, electronic access control systems, lighting systems, and other similar devices. The review can be performed internally by company employees or externally by our independent security consultants.
Security Quick Check
Additionally, we offer individual Quick Checks to quickly evaluate your security level for the following areas:
- Information Security
- Data protection
- Security Systems
Our longstanding experience as accredited auditors ensures that we work quickly and cost-effectively to assist you in any of the mentioned aspects. Request a free initial consultation by clicking this button.