IT & compliance audit (GDPR / NIS2) with management-friendly report
We combine a technical audit of your IT infrastructure with the applicable compliance requirements (GDPR, NIS2, industry best practices) so that you get a clear picture of your risks, a maturity score per domain and a realistic, prioritized action plan.
What types of organizations is this audit for?
An IT & compliance audit makes sense when you want to know exactly where you stand, before a major incident or an external audit forces the question.
- Companies that process personal data or sensitive data (customers, patients, partners).
- Organizations that fall under NIS2 or are preparing for it.
- Businesses whose IT infrastructure has grown "organically" and who lack a clear view of their risks.
- Management that wants a technical + executive report, not just a list of problems.
6-step methodology for IT audit & compliance
1. Defining purpose & context
We clarify what is in scope (network, infrastructure, applications, processes), which standards and legislation apply (GDPR, NIS2, best practices) and what the business objectives of the audit are.
2. Information collection
We analyze existing documentation (policies, procedures, diagrams), interview IT and business stakeholders, and collect technical data (configurations, scan results, monitoring data where available).
3. Technical & compliance analysis
We review configurations, access rights, backups, logging, change management and incident handling, and map what we find to GDPR/NIS2 requirements and to technical best practices (network & security).
4. Risk identification & maturity score
We group findings by area (network, security, processes, compliance), rate each one by impact and likelihood, and calculate a maturity score for each key area.
5. Report & recommendations
We prepare a structured report: an executive summary for management, technical details for IT, and clear recommendations for reducing risk and raising maturity.
6. Roadmap & follow-up
We build the implementation roadmap together: what is done in the first 30/90/180 days, which larger projects are needed, and how progress is measured. We can also stay involved during implementation.
What does an IT & compliance audit typically cover?
The areas are adjusted to the industry and the organization's profile, but in general we cover both the technical side and the processes and documentation around it.
| Area | What we analyze | Examples of findings |
|---|---|---|
| Network & infrastructure | Topology, segmentation, access, redundancy | Flat network with no VLANs or segmentation, single points of failure, no cabling documentation. |
| Perimeter & internal security | Firewalls, VPN, filtering, remote access | Overly broad firewall rules, no logging, VPN access without MFA, no separation between zones. |
| Identity & access | Accounts, groups, roles, MFA | Shared accounts, excessive privileges, no periodic access review. |
| Backup & continuity | Strategy, frequency, restore tests, DR | Local backups only, no test restores, no documented or tested DR plan. |
| Logs & monitoring | Centralization, retention, alerting | Logs scattered across systems, insufficient retention, no correlation or meaningful alerting. |
| GDPR / NIS2 & processes | Policies, registers, procedures, training | No record of processing activities, no incident-handling procedure, rare or no security awareness training. |
What we deliver at the end of an IT & compliance audit
- Executive report for management (max. 8–10 pages) with main risks and recommendations.
- Detailed technical annex for the IT team (findings, examples, screenshots, references).
- Risk register with severity, impact and the recommended remediation for each risk.
- Maturity score by domain (network, security, processes, compliance) and radar chart.
- Roadmap with concrete actions for 30/90/180 days, with effort estimates and dependencies.
Do you want to know where your IT infrastructure actually stands?
Briefly describe your organization, the size of your infrastructure and your main concerns (risks, controls, growth). We will propose an IT & compliance audit package tailored to your context, with results you can act on immediately.
