Audit Services
Based on your requirements, we audit selected subject areas or work with your audit/revision team. If required, we provide an audit manager who will also take on complete audit assignments. If you have certain specifications, we will check compliance on your behalf, regardless of whether this is a technical or organisational requirement. We support you in partnership from the planning and implementation stages, advise your specialist departments on the selection of appropriate measures and take care of the follow-up and documented acceptance of solutions.
Our approach
When the contract is signed, CERTAINITY appoints a responsible project manager who ensures that contact persons and lines of communication are defined, a non-disclosure agreement is signed and the requirements for secure data exchange are established. Need-to-know and least-privilege principles must be strictly adhered to for the entire duration of the project.
The planning phase is initiated by the CERTAINITY project manager with a kick-off meeting and serves to coordinate and define the scope of the audit, the procedure and the time frame. The dialogue partners required for the audit are identified and, if necessary, it is clarified which information is to be provided in advance for a document review.
Document review - The internal policy framework provides information on what the desired target state should look like. In conjunction with the corporate and risk strategy, it is possible to assess whether the target status is appropriate or sufficient for the risk.
The audit is performed based on the results and findings from the document review. The actual implementation is reviewed on the basis of random samples and a further assessment is made as to whether the measures found are effective, suitable, proportionate and appropriate to the risk and whether internal or regulatory requirements are being complied with. Deviations from the desired target status are described in detail and recommendations are made.
Once the audit results have been analysed, a preliminary draft report is available and should give the client the opportunity to clarify any ambiguities or explain mitigating measures that have not been taken into account and to discuss the assessments made. In addition to the final report, we prepare a management summary and present this on request.
If you need support with tracking, we can advise your specialist departments on finding solutions and take on the tracking and documented acceptance of solutions on a project basis.
We have specialised in the following audits:
ISO 27001 pre-assessment
To define your current status, we carry out ISO 27001 pre-assessments. We evaluate the minimum security standards applied for appropriateness and check the effectiveness of the measures taken. Our experts are guided by your information security and risk management strategy, the state of the art and industry-specific best practice approaches. Depending on your objectives, the assessment will serve to determine the current situation in order to identify suitable and appropriate measures to improve it and to develop a harmonised plan to implement the recommendations for action.