AUDITS
Verification. Improvement. Compliance.
At CORE Consulting, we conduct internal audits and third-party audits tailored to the unique needs and regulatory requirements of each client.
Why is internal auditing the key to organizational security?
Internal audits are a critical tool for verifying compliance, identifying operational risks, and enhancing management systems. A well-executed audit provides clear insights into how closely an organization’s practices align with its stated policies — and with applicable regulatory requirements.
Internal audits – aligned with current regulatory requirements
We conduct comprehensive internal audits tailored to your organization’s needs, ensuring full compliance across the following key areas:
GDPR – verification of compliance with personal data protection principles
DORA – assessment of digital operational resilience in financial institutions
NIS2/KSC – security audits for operators of essential services and critical infrastructure
KRI – evaluation of compliance with national IT system requirements for public administration
ISO standards – including ISO/IEC 27001 (information security), ISO 22301 (business continuity), and ISO 27701 (privacy information management)
All audits are conducted in accordance with ISO 19011 guidelines and enhanced by industry-specific frameworks such as ISO/IEC 27007, ensuring thoroughness, accuracy, and relevance.


Third-party and vendor audits
At the request of our clients, we also carry out audits of:
ICT service providers – in accordance with DORA and NIS2 regulatory requirements
Personal data processors – as defined under the GDPR (Article 28(3)(h))
Technology and outsourcing partners – within relationships governed by sector-specific regulations
These audits provide clients with a reliable assessment of compliance levels and third-party risk exposure — which, in many cases, constitutes a legal obligation under applicable law.
You can learn more about our vendor audit services in the dedicated Supplier management section.
Our services
Our audits cover a broad range of critical areas, including:
Organizational – structure, responsibilities, oversight, and competencies
Documentation – policies, procedures, guidelines, and registers
Physical security – access control and environmental safeguards
IT systems – system architecture, access rights management, and backup processes
Technical vulnerability scans – performed with enterprise-grade tools
While we do not specialize in penetration testing or source code audits, we collaborate with trusted technology partners who can be engaged in the project upon the client’s request.
Practical
Reliable
Independent
We deliver independent, reliable insights — with actionable recommendations
In every audit, we provide clients with a trustworthy, impartial assessment of their current state — along with clear corrective recommendations when nonconformities or improvement areas are identified.
Our goal is to ensure that an audit is not merely a formal obligation, but a meaningful source of insight and a tool for continuous improvement.