Security compliance audit

Compliance with international standards is your competitive advantage

Compliance with information security standards demonstrates the maturity of your management and your adherence to modern best practices. It also proves that you care about information privacy, the resilience of IT systems, business continuity, responsibility, manageability, and other security-related business requirements.

The standard delivery process for the implementation and support of ISO 27001, TISAX, and other standards

  1. Confidentiality. We sign a Non-Disclosure Agreement and become committed to maintaining confidentiality.
  2. Development of Statement of Works. Definition of the delivery scope and prioritization. We carry out this stage for you free of charge.
  3. The deal. We send you a detailed commercial offer including a high-level project plan. Then we sign a Service Agreement.
  4. Initial audit, gap analysis, and detailed project planning. We interview your staff, check the documents, assess the physical security perimeter, etc.
  5. Implementation of security processes and operations. We implement an Information Security Management System (ISMS) for you.
  6. The certification process. This stage includes the selection of a certification body, pre-audit, corrective actions, and a certification audit.
  7. Ongoing support of the ISMS. The ISMS should be supported, maintained, and optimized. We will make sure that your ISMS is up to date.

Security standards and regulations

  • ISO 27001/27002.
  • VDA ISA (Verband der Automobilindustrie Information Security Assessment), ENX TISAX® (Trusted Information Security Assessment Exchange), ISO/TS 16949, ASPICE (Automotive Software Performance Improvement and Capability determination).
  • GDPR (General Data Privacy Regulation).
  • SOC 2 (System and Organization Control).
  • PCI DSS (Payment Card Industry Data Security Standard), SWIFT Customer Security Controls Framework (CSCF).
  • HIPAA (Health Insurance Portability and Accountability Act), HITECH (Health Information Technology for Economic and Clinical Health), HITRUST (Health Information Trust Alliance).
  • ISF SoGP (Information Security Forum’s Standard of Good Practice for Information Security).
  • COBIT (Control Objectives for Information and Related Technologies).
  • Other standards and regulations.

Check out our additional services and business cases. Submit the form below to request a security audit or get a free consultation.

Business cases of projects we completed

Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases