Knowing where you stand, before others do.
A thorough technical audit followed by a clear report: no abstract threat landscapes, but concrete priorities.
Many organisations underestimate their exposure to cyber threats — not because they are negligent, but because the actual situation is difficult to map from the inside. An independent audit makes visible what is not visible internally.
What we do
- Technical network scans and configuration review
- Review of access management, IAM policy and privileged access
- Analysis of logging, monitoring and detection capabilities
- Assessment of patch management and vulnerability management
- Evaluation against ISO 27001, NIST Cybersecurity Framework and CIS Controls
- Risk report with prioritised recommendations (risk × impact)
Typical project scenarios
01 Preparation for certification
A healthcare organisation wants to obtain ISO 27001 certification. We perform a gap analysis against the standard and deliver a clear roadmap to certification, including an estimate of the required effort per measure.
02 Audit following an incident
After a security incident, a financial services provider wants to understand how it could have happened and what else is vulnerable. We conduct a forensically oriented audit and deliver a report that can also be presented to the regulator.
03 Annual independent review
An industrial company wants an annual independent assessment of its security posture. We conduct a periodic audit that also measures progress against recommendations from previous years.
What to expect from us
- A risk report that is understandable for both technical staff and management
- Recommendations prioritised by risk and feasibility
- No standard reports: findings are always context-specific
- Presentation of findings to the board or supervisory board on request