Over the last ten years, companies in all fields have invested heavily in IT services in the hope that this would give them a competitive edge. However, the introduction of new technologies always comes with risks attached, including attacks by hackers and breaches of data privacy.
As such events can do heavy damage to any company, technology risk management and an understanding of the significance of IT audits are becoming increasingly vital. Precedence should be given to the following fields:
- IT organization, IT environment and IT strategy
- IT operations
- Access control
- Change management
Internal IT security check
We check how well your IT systems are equipped to defend the company against current threats and provide you with answers to questions such as:
Are there any liability risks due to a lack of IT security that could be avoided? How secure is my own core data and the data of my customers? Am I protected against industrial espionage? What happens when my laptop is stolen or lost? Am I protected against data theft by employees?
You receive a summary of the results of this comprehensive IT security check that shows you the risks and any urgent need for action, including recommended improvements relating to:
- Basic security management
- User authorizations
- Network/WLAN, end device security
- Operating system security
- Scan of weak points
- Raising employee awareness
External IT security check
The most common targets of hackers are external IT systems and data networks operated by companies. As a first step, we simulate a realistic attack on your servers and applications. In the next step, we identify the weaknesses and security deficits that attackers could exploit. In this way, we can reveal the back doors to your computer systems and provide you with recommendations on how to close them.
- Risk assessment
- Full report
- Suggested solutions
Business Impact Analysis (BIA)
A BIA identifies the impact that any disruption to your critical business functions could have on your operation.
How well do your critical business processes and resources function in terms of ensuring confidentiality, availability and data integrity? What interdependencies exist between systems, business processes and departments? How fast must critical information systems and processes be restored before a significant loss is incurred (financial loss, loss of image)?
- Select the business processes and organizational unit
- Analyze potential losses
- Define recovery parameters
- Prioritize business processes on the basis of their criticality
- Identify resources for normal and emergency operation
- Assign criticality and recovery time objectives for resources
Our experts will help work through your IT audit agenda – from individual IT systems and process audits through to a full-scale IT audit. We will draw up an IT audit plan, conduct the necessary audit procedures and set up an internal IT audit database for sustainable operation.
In the course of ISAE 3402 audits (SOC1/SOC2), our experts review whether your service organization system is compliant with the standards issued by the Institute of Austrian Certified Public Accountants and the contents of ISAE 3402 regarding:
- Services rendered that are covered by the definition of your service organization system
- Drafting a description of your service organization system and the accompanying management’s written representations that the description is complete and accurate
- Presentation of the functions that are covered by the description of your service organization system and
- Defining and identifying control objectives
- Designing, creating and determining the operating effectiveness of the controls needed to reach the defined control objectives – taking account of risk aspects
- Selecting and defining suitable assessment criteria to be used as a basis for the management’s written representations.