IT infrastructure and security audit

Technical security audit

The audit scope is adjusted according to available time and service price. Detailed service descriptions are available.

A light audit shows how the back-end infrastructure is implemented and maintained. We also review how it meets your business needs and continuity requirements. Key security management practices are examined, including update procedures for endpoints, active devices, and servers, as well as backup processes.

On-premises IT infrastructure audit

The audit focuses on the structures and implementation methods of your organisation’s Windows infrastructure. The resulting report highlights what works well, what requires attention, and what may need immediate correction.

Final pricing is determined through a planning meeting, where the audit’s initial information, required scope, and expected outcome are reviewed.

Microsoft 365 environment audit

Microsoft Azure environment audit

Microsoft Azure enables easy deployment of cloud capacity and can be managed by multiple parties. Management models, implementation methods, and practices vary widely.

An Azure audit clarifies the current state of your environment. Regular reviews ensure operational reliability, security, and cost efficiency.

Data centre audit

A data centre audit assesses whether the technical implementation meets business requirements. Identified risks are documented, and remediation costs are communicated.

After the audit, the client organisation and its management have a clear understanding of the current state of the server infrastructure, issues, and corrective actions. The audit also provides information on what should be done and when. This forms the basis of a server infrastructure development plan, serving as a framework for structured improvement of cloud and data centre solutions.

Data communications audit

A data communications audit evaluates whether the technical implementation meets business requirements. Potential risks are documented, and cost information for remediation is provided.

Following the audit, the client organisation and its management have a clear understanding of the current state of network infrastructure, issues, and required actions. The audit also provides information on what should be done in different areas and when.

Microsoft 365 licence optimisation

Disaster recovery plan

Anyone considering high availability or disaster recovery knows it is a complex issue where everything affects everything else:

• How much downtime can the organisation tolerate?
• How quickly can recovery occur?
• How much data loss is acceptable?
• What can different systems, clusters, and redundancies actually handle?
• What could go wrong?

Scope:

• Audit – review of existing plans
• Building the disaster recovery plan
• Presentation of the disaster recovery plan

Application environment mapping

• Helps identify dependencies between systems
• Conducted through interviews with key personnel on-site or remotely
• Results in a dependency map and a separate document with detailed system information based on the interviews
• Provides a comprehensive foundation for other audits
• For example, criteria for assessing system resilience and recovery in technical security audits

As a result of the mapping, the organisation has a clear picture of the application environment with additional information and knowledge of all the applications in use

Vulnerability scan

Comprehensive vulnerability scanning and reporting of the client environment. Identifies and reports critical vulnerabilities to protect organisational security. Scanning can cover all networked devices, including those exposed to the public internet.

NIS2 service

Ensures the organisation complies with NIS2 security requirements covering cybersecurity risk management, reporting obligations, and administrative measures.