Information security audits help organisations identify shortcomings and development needs related to information security in their information systems. The audits take account of the information security requirements related to the organisation and its field of operation. We also provide support with the implementation and monitoring of the suggested development measures.
We will determine the scope of the information security audit in cooperation with the client. The audit can concern a single process, a sector of operation or the entire organisation. After the audit, you will be provided with a report on the state of your information security and recommendations for development.
An information audit will help you ensure that your critical business information is appropriately protected against risks.
You will also be able to ensure that:
- Responsibilities related to information security and data privacy are met
- Information security requirements related to data are identified
- Data is appropriately protected and backed up
- Access rights are appropriately managed and monitored
- Use of data is appropriately monitored
- Sufficient attention is paid to preventing misconduct.
The frameworks used by our experts in their work include the Control Objectives for Information and Related Technology (COBIT), Information Technology Infrastructure Library (ITIL), ISO 27000 information security standards, VAHTI criteria and sector-specific requirements.
Our information security auditing services cover:
- Development of information security management
- Auditing of systems and information security
- Assessment of compliance
- Assessment and development of continuity, recovery and preparedness planning.