Audit and Certification

Delegate effectively – the path to success

Compliance audit

There is one clear prerequisite for a functioning data protection management system: the duties of the person responsible must be effectively delegated, known in all parts of the company or institution, and implemented appropriately. An adequate set of rules, the implementation of data protection procedures and the fulfillment of documentation requirements can be monitored by initial, ad hoc and regular audits. Our audit is carried out on behalf of the company or public authority management, internal audit, the individual departments, the staff council or on behalf of a processor.

Instruction system
We review the internal guidelines, organizational instructions and processes for data protection.
Requirements management
We assess compliance with legal, regulatory or contractual requirements.
Audit standard
Completeness and plausibility of data protection documentation, effectiveness of processes and security measures

Certification

If products or services are of high quality and also meet the requirements of the General Data Protection Regulation, it may be worthwhile to prove this by means of certification (EuroPriSe seal). As technical experts (Certified European Privacy Expert), we accompany you within the framework of the current certification criteria.

Certification procedure
We accompany you to the certification process and support you with technical expertise in an advisory capacity.
Target of Evaluation
We support you in the preparation of the Target of Evaluation (ToE).

Compliance

Certification

Internal Audit

Audit of the contracted processing

If personal data is not processed by the controller itself, but by a contracted service provider, special requirements must be taken into account. Especially when using IT services – which are globally networked or provided by service providers in third countries outside the EU – the contractual and technical measures as well as the sub-service providers used must be reviewed. We pay attention to compliance with data protection requirements by the controller as well as to compliance with legal and contractual requirements by the processors.

Selection
Evaluation of the selection and suitability of contracted processing, taking into account special legal requirements (e.g. social data).
Contract
Review of contract processing agreements and guarantees for third country transfers and consideration of internal and regulatory requirements (e.g. outsourcing management).
Security
Assessing the appropriateness and effectiveness of technical and organizational measures, auditing processors and subcontractors (e.g., data centers), and considering internal IT security requirements (e.g., CRITIS).

IT-Auditing

IT auditing is an independent and objective unit for the systematic, risk-oriented and targeted auditing of all information-processing functions in the company. It covers the entire regulatory and technical area. We conduct audits in various industries with different IT auditing tasks. We actively address all areas of IT auditing and ensure an excellent level of performance.

Auditing tasks
Support with IT audit tasks (e.g. IT audit manual) and risk analysis to identify risky areas, including evaluation and further development of the internal control system (ICS).
Audit planning
Determination of an audit strategy as well as regular planning taking into account common standards (including IDW, ISO27001, BSI, CRITIS, industry-specific regulatory requirements).
Auditing processes
Coordination and introduction of auditing processes such as updating the risk analysis, definition of interfaces, e.g. to risk management, and integration into the corporate organization.
Audit reviews
Assumption and execution of IT audits, reconciliation of audit results, risks, recommendations and concrete implementation measures.

Audit and Certification

Delegate effectively – the path to success

Compliance audit

Instruction system

Requirements management

Audit standard

Certification

Certification procedure

Target of Evaluation

Compliance

Certification

Internal Audit

Audit of the contracted processing

Selection

Contract

Security

IT-Auditing

Auditing tasks

Audit planning

Auditing processes

Audit reviews

Do you have any questions?

We will be glad to help you.