Standard-based Security Audit (ISO, NERC, BSI, SANS 20, etc.)



We analyze and benchmark the information security level of the organization, department or system in scope against international standards (ISO 27001, 27002, SANS 20, IEC 62443, NERC CIP, etc.) so that security mitigation measures can be planned based on facts.

Product description

Understanding and managing information and IT security in an organization can be a complex undertaking. Getting a bird’s eye view of your current information and IT security landscape is the foundation to understand where you are and what strategic and tactical steps need to be taken.

With our ISO security audits you can easily determine your organization’s information and IT security strengths and weaknesses, and derive measures to better protect your assets.

Oneconsult will support you in this endeavor by applying relevant international information and IT security standards to assess your situation, taking into account your industry and organization-specific circumstances.

We have a team of certified ISO 27001 Lead Auditors. Depending on your requirements, our security audits may be carried out based on ISO 27001, ISO 27002 or your own methodology.



Depending on customer requirements and context, our security audits may be based on different standards or recommendations.

Information and IT security standards:

  • ISO 27001 and 27002
  • ISO 27011 (ISO 27002 for telecommunications organizations)
  • ISO TR 27015 (ISO 27002 for the financial sector)
  • ISO TR 27019 (ISO 27002 for the energy sector)
  • ISO 27799 (ISO 27002 in health informatics)
  • BSI-Standard 100-X (IT-Grundschutz standards)
  • SANS 20 (20 critical security controls for effective cyber defense, a subset of NIST SP 800-53)

ICS (SCADA / DCS) standards:

  • IEC 62443 (industrial communication networks)
  • NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection)
  • etc.


About Oneconsult

Oneconsult AG is an internationally operating Swiss cyber security consulting company with offices in Switzerland and Germany, a customer base of 250+ organizations and 1000+ completed security projects worldwide. We are your trustworthy partner for a holistic cyber security approach against external and internal threats such as APT, hacker attacks, malware infection, digital fraud and data leakage. Our core services are penetration tests, ISO 27001 security audits and IT forensics. To protect your organization and mitigate specific information security risks, Oneconsult also offers practical security consulting, security training and virtual security officer services. We have dedicated IT security researchers and a large team of certified penetration testers (OPST, OSCP, etc.), digital forensics experts (GCFE) and ISO security auditors (ISO 27001 Lead Auditor).

+41 43 377 22 22
Offices in Switzerland & Germany
Oneconsult AG