An Information security audit provides a clear understanding of an organization’s current level of protection and existing vulnerabilities. Using established methods and standards, it enables risk assessment and the formulation of concrete measures to improve security.

      The process is carried out in two stages:

​

Stage 1: Review of the Current State
A comprehensive analysis is performed, covering:

• Information security policies and processes

• Administration and access rights management

• Audit logs and security incidents

• Documentation, roles, and responsibilities

• Classification of information and assets

• Personnel security and interactions with third parties

• Change management and system development

• Traffic filtering, cryptography, network and physical security

• Access control, remote work, and malware protection

• Log management, backups, and business continuity planning

• Risk analysis and prioritization

​

Stage 2: Report and Analysis
A detailed report is prepared, including:

• Findings and GAP analysis

• Assessment of compliance with standards

• Identification and classification of risks