Information security audit
Why an IT security audit?
Digitalization opens up new opportunities - but also new attack surfaces. Cyberattacks, ransomware and internal security gaps threaten companies of all sizes. A structured IT security audit uncovers security gaps and creates a reliable basis for effective risk management - compliant with ISO 27001, TISAX®, NIS2 and CRA.
What is checked?
Our certified auditors analyze:
- Network security & access controls
- Backup & recovery processes
- Organizational security policies
- Supply chain security & third-party access
The goal is a complete picture of your IT security situation - including a catalog of measures for optimization.
Your advantages
- Early risk identification
- Legal certainty & readiness for certification
- More efficient security processes
- Forward-looking IT security strategy
Request advice now
We accompany you personally from the initial consultation through to implementation. Contact us for a non-binding consultation!
IT security refers to the protection of technical systems - e.g. networks, servers or computers - against attacks, failures or unauthorized access. Information security is broader: it protects all information and also takes into account organizational measures, processes and people. IT security is therefore a sub-area of information security.
An information security audit is a systematic review of a company's IT infrastructure and processes. The aim is to identify weaknesses, assess risks and develop specific measures to improve security.
An audit is particularly recommended for:
- Companies with high data protection & IT security requirements
- Organizations seeking certifications such as ISO 27001 or TISAX®
- KRITIS operators and companies affected by the NIS2 directive
The process typically includes:
- Preliminary discussion & target definition
- Conformity check and verification of technical feasibility
- Determination of the maturity level, assessment of the current status and definition of measures to achieve the target status
- Results report with recommended measures - ready for direct transfer to your tools (e.g. Excel, ticket systems)
- Optional: implementation support
Our certified auditors analyze your IT security based on proven frameworks and legal requirements. We work with the following standards and norms, among others:
- ISO/IEC 27001: Internationally recognized standard for information security management systems (ISMS)
- TISAX®: Industry standard for information security in the automotive industry
- NIS2 Directive: EU-wide requirements for the cyber security of critical infrastructures
- SOC 2: Testing of security and control systems for service providers (especially in the cloud environment)
- CRA (Cyber Resilience Act): EU regulation with binding cyber security requirements for all products with digital elements - from development and updates to reporting obligations for vulnerabilities
At least every 1-2 years - or in the event of significant changes in your organization or IT landscape (e.g. new software solutions, cloud migration, mergers).