Security Audit
Effective audits for increased security, compliance, and long-term improvements
Strengthen your IT security and comply with all relevant regulations with our tailored internal audits and system audits. We combine in-depth technical expertise with practical solutions to provide you with effective improvements and successful certification preparation. Learn from security gaps and enhance your employees' awareness to foster a sustainable security culture.
System Audit
-
Are your systems adequately protected against external attacks?
In a time when cyberattacks are becoming increasingly complex and frequent, the question often arises: Are our systems protected against external attacks? While a simple vulnerability scan can identify known security gaps, true protection requires more in-depth measures. Only a well-thought-out security architecture, combined with the necessary security awareness among all employees, ensures adequate protection.
-
Is your security architecture future-proof?
As part of a system audit, we review the architecture of your IT systems and networks. Whether it’s network security, collaboration security, hybrid and cloud environments, or endpoint protection, we analyze and assess all relevant areas. Additionally, we advise you on how these systems should work together optimally to maximize protection and detect security incidents early.
-
Are your systems truly configured according to current best practices?
Our experts examine the current configurations of your security systems and evaluate them against manufacturer recommendations and the current state of the art. Deviations are identified, and actionable recommendations for improvement are provided.
-
Do your data systems and software components have vulnerabilities?
A vulnerability and exposure check helps identify weaknesses in your internal and external systems. Whether it’s a one-time assessment or continuous monitoring, we provide you with the opportunity to regularly review the condition of your systems and address any vulnerabilities in a timely manner.
-
How do you successfully implement security policies from the Security Office?
Compliance with security policies often poses a challenge. Engineers frequently struggle to correctly interpret and implement guidelines from the Security Office. We assist you in understanding your security standards, implementing appropriate solutions, and demonstrating compliance with these guidelines through audits.
Internal Audit
-
Are you compliant with the relevant regulations and standards?
Our security audit helps ensure that your Information Security Management System (ISMS) complies with current legal regulations such as the new Data Protection Act (nDSG) and the Information Security Act (ISG).
We also assess compliance with recognized standards such as ISO 27001, TISAX, or IT Baseline Protection.
But we go further: We create the necessary understanding among the affected stakeholders regarding deviations and demonstrate how security gaps can be closed. Our goal is to optimally prepare you for external audits, including all necessary documentation.
-
Are your security policies understood and implemented correctly?
Often, a lack of understanding of security policies leads to incorrect implementation. In our internal audit program, we place great emphasis on clearly explaining the requirements and their protective impact to ensure that all guidelines are applied correctly.
-
Is your data storage compliant with the nDSG?
With the new Data Protection Act (nDSG), many organizations face new challenges. Our audit program helps you assess the current state of your data processing and prioritize necessary measures for compliance to avoid fines and security risks.
-
Are your IT processes properly documented and accessible?
Well-documented and easily understandable IT processes are crucial for the security of your organization. We evaluate whether your processes meet the requirements and whether they are understandable and applicable for employees. This helps you minimize security risks and enhance efficiency.
-
Are you ready for the certification audit?
With an internal audit program, we specifically prepare you for the certification audit. In addition to a well-documented ISMS, you will receive valuable insights into what external auditors look for, what evidence is required, and how you can present yourself optimally. This way, you can approach the certification audit with confidence.
Effective Learning: By integrating audits and security awareness, you can identify vulnerabilities and learn from them for sustainable improvements.
Optimal Certification Preparation: You will understand exactly what external auditors expect and be well-prepared for the certification audit.
Practical Relevance, Experience, and Technical Expertise: Benefit from our industry experience and practical solutions from numerous implementation projects. Our in-depth technical knowledge ensures precise and comprehensive system audits.
FAQ Security Audit
-
What is the difference between an Internal Audit and a System Audit?
An internal audit checks compliance with a standard or regulation. In the context of ISO 27001, this is an ongoing process that validates the entire ISMS, including policies, processes, and systems, over a three-year period and supports the continuous improvement process. System audits are also conducted to verify compliance with the requirements on a sample basis. Another example would be a targeted review according to the requirements of the new Data Protection Act.
A system audit focuses on a specific system or system landscape and examines its security against your requirements. This can include internal directives, recognized standards or regulations, manufacturer best practices, or the general state of the art.
For example, a task might involve investigating compliance with the encryption policy in the WAN and remote access environment. Alternatively, we could review the configuration of email communication according to the current state of the art.
-
How is the audit team assembled?
Depending on the assignment and requirements, we provide the appropriate consultants. In a system audit, these are technically trained professionals with extensive experience. For an internal audit, we send a team consisting of GRC-certified consultants, along with technical consultants.
-
Why should you outsource an internal audit?
An internal audit also demands independence and skills from the auditors. By engaging an externally appointed team, you can more easily demonstrate this independence. Our consultants bring not only certification but also relevant experience from numerous other projects.
In the context of ISO 27001, external auditors are those who conduct the certification audit. BNC intentionally does not offer this service because we want to actively advise and support you, which external auditors cannot do if they are to remain impartial in their assessment.
-
What is the purpose of the results report?
Our goal is to provide you with not only a list of audit results but also feedback on what is working well and how you can improve concretely. The results report primarily serves as proof that you have implemented a proper internal audit program.
-
What standards are supported by BNC?
BNC currently supports you in achieving compliance with the following standards and regulations as part of internal audit measures:
- ISO/IEC 27001
- ISO/IEC 27005
- TISAX
- Swiss Data Protection Act (nDSG) and European GDPR / DSGVO
- Swiss Information Security Act and European NIS-2
- ICT Basic Protection for the Federal Administration