We treat auditing as a management tool, not merely a compliance exercise. Our audits are conducted to improve decision-making, strengthen security posture, and raise organisational maturity—not to produce reports for their own sake.

Aligned with ISO/IEC 2700x and the Estonian E-ITS framework, we evaluate how controls are actually designed, implemented, and governed in day-to-day operations. The focus is on effectiveness and accountability: what works, what does not, and where risk is being implicitly accepted.

The result is clear, actionable insight for leadership—providing a defensible view of the current state, prioritised remediation paths, and a realistic roadmap toward sustained compliance and operational resilience.

Audit Scope

Limited Compliance Assessment

A limited-scope assessment (e.g., against ISO 27001) focused on a specific system, service, or set of documents. This also includes targeted control audits within a defined domain, such as risk management, access control, physical security, or supplier management.

Full-Scope Audit

Conducted in accordance with the complete requirements of the applicable standard or auditing framework.

E-ITS Audits (These can be combined into a three-year audit cycle)

E-ITS Pre-Audit (optional) – An assessment of the organisation’s readiness to undergo the main audit, including identification of initial gaps and recommended improvements.

E-ITS Main Audit – A comprehensive audit evaluating the organisation’s information security management practices against the requirements of the Estonian Information Security Standard (E-ITS). The main audit results in an assessment of the level of conformity.

E-ITS Follow-Up Audit (optional) – Conducted when the main audit identifies nonconformities and the organisation seeks confirmation that they have been appropriately addressed.

E-ITS Periodic Audits – Recurring or scheduled audits performed to verify ongoing conformity and to assess the impact of systemic changes within the organisation.

ISO Standard Audits (excluding certification)

ISO 27001 Internal Audit – The annual audit performed in accordance with clause 9.2 of the standard.

ISO 27001 Pre-Audit (Readiness Assessment) – An evaluation of the organisation’s preparedness for formal certification, including identification of gaps and improvement needs.

ISO 27001 Follow-Up Audit – A review to verify the resolution of identified nonconformities and the implementation of corrective actions.

ISO 27005 Risk Management Audit – Assesses whether the organisation’s risk management processes, methodology, and risk register conform to the requirements of ISO/IEC 27005. Suitable both as a standalone audit and as part of an ISO 27001 or E-ITS audit. Provides an assessment of the risk management process’s maturity and effectiveness against best practices.

Additional Services

ISMS Maturity Assessment – An evaluation of the maturity level of the Information Security Management System, based on either a CMMI-style model or an E-ITS–aligned maturity framework.

Combined Audit (E-ITS + ISO 27001) – A unified assessment covering both standards within a single audit process.

Training or Consulting Session – A hybrid format combining elements of an audit and a workshop, where findings are presented together with practical improvement recommendations.

Audits Not Offered by RaulWalter

ISO 27001 Official Certification Audit (Only accredited certification bodies — such as Bureau Veritas, DNV, TÜV — may perform certification audits.)

ISO 9001 / ISO 14001 / ISO 22301 Audits (We only conduct audits related to information security and ISMS; these standards are outside our audit scope.)

Penetration Testing or Technical Vulnerability Assessments (Available only through a partner and under a separate agreement.)
