Our team of experts works meticulously

An information security management system (ISMS) includes regular checks of the most important suppliers. We carry out a supplier audit on your behalf and prepare a detailed audit report, which can also serve as proof, for example, in the context of commissioned data processing (processing on behalf of a controller in accordance with the EU GDPR or BDSG). Before starting an ISMS implementation project, it should first be investigated whether and to what extent processes and associated measures have already been established and what their status is. Gaps are identified in a GAP analysis so that we can provide specific recommendations for action on the direct path to successful certification.

Operators of critical infrastructures are legally obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of those information technology systems, components or processes that are essential for the functionality of the critical infrastructures they operate. In addition, compliance with these requirements must be verified in a suitable manner at least every two years, as stipulated by the BSI Act (§8a (3) BSIG). The audit is intended to provide proof that IT security is state of the art. Proof can be provided through security audits, inspections or certifications. Our lead auditors hold the additional industry-specific audit qualifications and are approved or accredited for auditing critical infrastructures.

According to the IT Security Act, operators of critical infrastructure (KRITIS) must perform a KRITIS audit every two years. We are your competent partner for this.

GKV and KH audit association

Against the background of the GDPR and the BSIG, certain organizations are required to verify that their suppliers implement the legal requirements. The aim of the audit association is to jointly carry out data protection and information security audits of service providers and suppliers of statutory health insurance companies (GKV), clinics and hospitals (KH) in Germany.

Organizations in these sectors generally share many of the same service providers and suppliers. For this reason, the audit association bundles these audits in order to limit the workload for service providers and suppliers. In addition to conserving resources on the supplier side, this also saves the personnel resources that the clinics and hospitals would otherwise need to carry out these data protection and information security audits themselves. The costs incurred are also distributed among the participating companies and organizations.

In addition, the audit association is intended to form a network for the exchange of experience between the individual companies and organizations. The audit association meets twice a year for this purpose.

Everything from a single source

Supplier audits/service provider audits
Inventories / GAP analyses, internal audits, pre-audits
Audit/verification procedure according to § 8a (3) BSIG
Formation of audit associations

Your advantages at a glance

Auditors with many years of experience and industry expertise
Distribution of costs among the audit participants
Conservation of resources on the part of the companies and organizations involved
Conservation of resources at service providers and suppliers
Strong network for exchanging experiences (free network meeting, twice a year)
Data protection and information security training at a preferential price

Knowing what matters

As lead auditors for an accredited certification body, we have a complete overview of the software solutions available for the tool-supported management of information security, risk management and data protection management and their application in practice. Our competent consultants have already proven in many completed projects that they can implement successful solutions for our customers with VERINICE and IRIS, for example. It goes without saying that we work independently of manufacturers and are happy to work with you to find the optimum solution.