maturity level analysis of information security

The secure operation of information technologies in companies is complex. Numerous technical, organisational and personnel aspects are to be taken into account. In addition, there are also legal regulations to enforce the implementation of certain security concepts.

We can provide the respective maturity level analysis to assess the actual state of all concepts and their interaction within your IT environment. This analysis is based on comprehensive interviews with the IT and system managers, using detailed questionaires, documentation reviews and site inspections. The applied assessment materials are proven in practice and comply with ISO/IEC 27001.

The following main areas are covered by the analysis:
  • Management & Organisation
  • Technology & Operation
  • BCM & Emergency Plan
  • Physical Security
  • Contractual Relationships
  • Software Development & Maintenance (optional)
  • Cloud-Computing (optional)

In more complex IT environments the assessment is generally performed by two auditors with shared responsibilities for audit management / interviewing and response documentation. 

Example Maturity Level Analysis
In addition to the presentation of results within the questionnaires and the identification of necessary measures, the results will also be displayed in radar charts which are ideal for a presentation on the actual state of the information and IT security to the management.

It is recommended that the analysis is carried out in combination with a technical assessment (e.g. vulnerability analysis, penetration test, etc.)