IT Audit and Compliance Reviews

Service Summary

IT Audit and Compliance
Add Value to Your Business

The IT compliance audit service comprises a full systems audit review in accordance with PCI DSS, SOX, COBIT, ISO 27001 and other standards, covering all respective areas of information security management. An IT audit helps businesses identify the risks associated with the extensive use of IT systems and maintain a controlled business environment for secure operations and business processing.

Process Description

We provide IT audits against a number of international standards, such as ISO 27001, PCI DSS, COBIT, Basel and others. ISO 27001 is the best practice standard for information security management, and we base our standard audit scope and control checklist on it. If the client has other compliance requirements, we design our audit scope and checklist accordingly.

Our standard audit scope for the ISO 27001 testing procedures includes the following 11 domains of information security:

  • Security Policy
  • Organization of information security
  • Asset Management
  • Human resources security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business Continuity Management
  • Compliance

During our audit procedures we check each control objective for its design, implementation and operating effectiveness, as per the Global Audit Methodology (GAM). The meaning of each of these three stages of testing is described below:

  • Design – a policy / procedure stated and approved by the company
  • Implementation – how the stated policies / procedures are implemented in the systems and business environment
  • Operating effectiveness – how the implemented controls are functioning over time

The main deliverable from the IT audit is an independent IT audit report stating the areas of risk to the business and any control weaknesses that have been noted over the audit period. In some cases, evidence of fraud or override of controls is noted, and the client may then initiate further forensic investigation procedures.


NetSafety is a global information security consulting firm with its head office in Sofia, Bulgaria and partner offices in Johannesburg, South Africa. Many successful projects across Europe, the UK, Africa and Australia provide a proven professional track record and guarantee the high quality of our services.

Simply call us to schedule a meeting and discuss your business needs.

NetSafety (EU)


(+359) 88 9387598
(+359) 87 9387500

Office location:
Sofia, Bulgaria


NetSafety (South Africa)


(+27) 72 2870170
(+27) 11 0783672

Office location:
Johannesburg, South Africa