Audit as a Service (AaaS)
A periodic service that helps you achieve and maintain compliance of your security measures with normative acts
What is AaaS?
Security audits delivered as a subscription service and billed monthly are primarily characterized by being carried out within an agreed time and scope.
We perform audits based on normative acts, as well as on our own experience and technical recommendations that constitute security standards, e.g. ASVS, MASVS, CIS Controls, NIST Framework Controls.
Benefits of AaaS
Performing audits in a subscription model brings key benefits, not only in terms of compliance with regulations, but also a real increase in security.
The main benefit is the cyclical verification of security controls that are constantly evolving and have a significant impact on security and business continuity.
The scope of the audit enables verification of the organization's security for key ICT systems, business processes and the persons key to the proper operation of the organization.
Another benefit is the possibility of an audit that complements penetration tests and enables verification of technical and organizational security measures.
Characteristics of AaaS
We conduct security audits that ultimately indicate which specific tools can be used to minimize and manage risk and business continuity in the following areas:
- Preparedness to defend against security incidents, risk analysis, rules and procedures for IT security management in relation to technical protection measures, mapping of information resources and business processes;
- Compliance with PCI-DSS, ISO 27001, ISO 22301, TISAX, KRI, KSC, recommendations of the Polish Financial Supervision Authority, GDPR;
- IT infrastructure - Operating systems, virtualization, wired and wireless networks, configuration of UTM/NG Firewall and security devices, management of mobile clients, etc.;
- IT applications - Internet-based Inter/Intra/Extranet, Active Directory, Microsoft SQL, PostgreSQL, MariaDB, MySQL, Oracle, Redis databases;
- Dedicated security systems: Data Leak/Loss Protection/Prevention, Security Information and Event Management, Privileged Access Management.
Our experience and competence in the field of audits
So far, we have carried out over 200 audits for various companies and public administration units. We have also been audited ourselves, so we know how the audit process works on both sides: the auditor and the auditee.
Our auditors hold lead auditor certificates for PN-EN ISO/IEC 27001, as well as CISA and CISSP certifications, which confirm the knowledge and maturity of the persons conducting the audit.
What is the price of the AaaS service?
The price of the audit depends directly on its duration and varies widely, from several thousand to several dozen thousand zlotys.
How long does an audit take?
This depends directly on the scope being audited. The audit may take two days or two months, but the first audit always takes the longest, because that is when we get to know your organization and collect data. In subsequent audits, we check previously known security features and verify the changes that have taken place.
What is the difference between a security audit and penetration testing?
Penetration tests consist of finding vulnerabilities in ICT systems, whereas an audit verifies the applied security measures and security rules for compliance with normative acts (laws, regulations, norms, standards).