We review the internal guidelines, organizational instructions and processes for data protection.
There is one clear prerequisite for a functioning data protection management system: the duties of the person responsible must be effectively delegated, known in all parts of the company or institution, and implemented appropriately. An adequate set of rules, the implementation of data protection procedures and the fulfillment of documentation requirements can be monitored by initial, ad hoc and regular audits. Our audit is carried out on behalf of the company or public authority management, internal audit, the individual departments, the staff council or on behalf of a processor.
We assess compliance with legal, regulatory or contractual requirements.
We assess the completeness and plausibility of data protection documentation and the effectiveness of processes and security measures.
If products or services are of high quality and also meet the requirements of the General Data Protection Regulation, it may be worthwhile to prove this by means of certification (EuroPriSe seal). As technical experts (Certified European Privacy Expert), we support you within the framework of the current certification criteria.
We accompany you through the certification process and support you with technical expertise in an advisory capacity.
We support you in the preparation of the Target of Evaluation (ToE).
Audit of contracted processing
If personal data is not processed by the controller itself, but by a contracted service provider, special requirements must be taken into account. Especially when using IT services – which are globally networked or provided by service providers in third countries outside the EU – the contractual and technical measures as well as the sub-service providers used must be reviewed. We pay attention to compliance with data protection requirements by the controller as well as to compliance with legal and contractual requirements by the processors.
Evaluation of the selection and suitability of contracted processing arrangements, taking into account special legal requirements (e.g. social data).
Review of data processing agreements and of the guarantees for third-country transfers, taking into account internal and regulatory requirements (e.g. outsourcing management).
Assessing the appropriateness and effectiveness of technical and organizational measures, auditing processors and subcontractors (e.g., data centers), and considering internal IT security requirements (e.g., CRITIS).
The IT audit function is an independent and objective unit for the systematic, risk-oriented and targeted auditing of all information-processing functions in the company. It covers the entire regulatory and technical area. We conduct audits in various industries with different IT audit tasks. We actively address all areas of IT auditing and ensure an excellent level of performance.
Support with IT audit tasks (e.g. the IT audit manual) and risk analysis to identify high-risk areas, including evaluation and further development of the internal control system (ICS).
Definition of an audit strategy and regular audit planning, taking into account common standards (including IDW, ISO 27001, BSI, CRITIS and industry-specific regulatory requirements).
Coordination and introduction of audit processes, such as updating the risk analysis, defining interfaces (e.g. to risk management) and integrating them into the corporate organization.
Taking on and performing IT audits, and reconciling audit results, risks, recommendations and concrete implementation measures.