information security audit
DEKRA Audit

We offer several audits focused on information security. Discover them here

Information security audit

Protect your data with a reliable information security audit

Certification is the perfect way to demonstrate your organisation’s compliance with information security requirements. If the information security audit shows that your organisation meets the requirements stipulated by a particular standard, you will obtain the corresponding certification. Read on to find out more about information security audits.

Data plays an important role in every company and organisation and includes information about business processes, (potential) customers, employees and suppliers. Sound information security is a bigger priority than ever before, especially given increasing digitalisation and strict regulations on data storage.

Information security standards

Various standards relate to the information security of organisations and/or employees. Several important information security standards follow below.
    ISO 27001 is a guideline that organisations can use to make sure their (digital) information systems are secure. To obtain ISO 27001 certification, all the following aspects of the standard must be in place: a risk analysis, risk management, physical and digital security strategies and incident management protocols.

    The information-security-audit process

    In an audit, the auditor carries out an objective assessment to see whether an organisation meets the information security requirements described in the standard in question. The exact nature of the audit varies because different requirements and conditions apply for each standard. However, most information-security-audit processes involve the following:

    Information security scan

    Before requesting an external audit for a particular security standard, we advise you to perform an information security scan to analyse information security in your organisation. There are several ways to do this, including a test audit. DEKRA can conduct a test audit on your risk assessment, policy and/or how you implement various measures. This audit is not part of the certification process. It reveals the current level of information security in your organisation, which enables you to focus on any points for improvement that would prevent you from meeting the requirements of the standard in question.
    People Based Auditing
    Audits assess compliance with standards but also the people who are required to work in line with them on a daily basis - because they decide how to implement processes, systems and procedures. This is why DEKRA auditors always carefully consider human aspects during audits. We call this approach People Based Auditing and it forms an integral part of our audits. Click here for detailed information about Peopled Based Auditing.

    Information security audit conducted by an expert

    As an independent certification body, DEKRA offers various types of information security audit​. Our auditors have the experience and expertise necessary to carry all these audits. They will guide you throughout the process, from preparation up to and including completion of the audit. Please don’t hesitate to contact us to find out more about the information security audit or any other audit. Our experts are always happy to help!
    Do you have a question? Get in touch with one of our experts
    DEKRA Audit Sales

    Meander 1051

    6825 MJ Arnhem

    Everything about Information Security
    Do you want to know more about information security? Find out and read more about it in this blog.
    Read more