Security Audits

External Audit Found What Every Hacker Could See

A cooperative bank underwent a regulatory audit. Auditors found an Oracle admin panel without a password in 20 minutes - accessible from the internet. The same panel had been visible to hackers for 8 months. During that time, data of 15,000 customers was downloaded. Cost: €500K regulatory fine + reputation loss + customer lawsuits.

Without regular security audits:

• Critical vulnerabilities remain unnoticed for years
• You don’t know if you’re investing in real risks
• Fail during regulator audit
• No preparation for ISO 27001 or NIS2 certification

Independent Assessment + Concrete Action Plan

We don’t leave you with a thick report full of jargon. We understand you have a limited budget and team. That’s why we prioritize recommendations by business risk and feasibility - from quick wins to strategic projects.

What you get:

• Technical audit: system, network, application, Active Directory configurations
• Process audit: policies, procedures, access management, backup & DR
• Compliance audit: gap analysis against ISO 27001, NIS2, GDPR, PCI DSS
• Risk assessment according to ISO 27005 or NIST methodology
• Executive summary report for management (no technical jargon)
• Technical report with concrete remediation steps
• Implementation roadmap with priorities (quick wins → long-term projects)
• Optionally: support in implementing top 10 recommendations

Who Is It For?

This service is for you if:

• You’re preparing for ISO 27001 certification or NIS2 audit
• You need an independent assessment before an important audit (regulatory, client)
• The board wants to know “how secure are we really”
• You want to check the effectiveness of security investments
• You must meet compliance requirements (GDPR, PCI DSS, industry-specific)

Types of Security Audits

ISO 27001 Compliance Audit

Assessment of ISO/IEC 27001 certification readiness:

• Gap analysis against standard requirements (Annex A - 93 controls)
• Information Security Management System (ISMS) assessment
• Documentation review (policies, procedures, registers)
• Verification of implemented control effectiveness
• Action plan to certification with timeline

Typical time: 5-10 days | Price from: €9,500

NIS2 Compliance Audit

Preparation for NIS2 directive requirements:

• Determination if you’re subject to NIS2 (essential/important entity)
• Gap analysis against 10 requirement areas
• Cybersecurity risk management assessment
• Incident reporting procedures review
• Supply chain security
• Compliance implementation plan with timeline

Typical time: 7-12 days | Price from: €12,000

GDPR Compliance Audit

Personal data processing verification:

• Personal data inventory
• Legal basis assessment
• Processing agreements and consent review
• Technical and organizational measures assessment
• Breach and data subject rights procedures verification
• Remediation recommendations

Typical time: 5-8 days | Price from: €8,500

Technical Infrastructure Audit

Technical security review:

• Windows/Linux server configuration
• Active Directory and permissions security
• Network segmentation and firewall rules
• System hardening according to CIS Benchmarks
• Backup, disaster recovery, and high availability
• Security monitoring and logging

Typical time: 5-10 days | Price from: €9,500