The IS partial audit

The partial IS audit is a procedure for assessing the information security status and processes in an organisation. Its aim is to give the management level, with minimum effort, an overview of the security status and the existing security-critical subject areas in their own organisation. A partial IS audit considers those IT-Grundschutz measures that form an essential basis for information security and that empirical data has also shown to be problematic.

The time required for a partial IS audit is limited to approximately 8 to 10 days. The two-person rule has been accounted for in this estimate.

Implementation of IT-Grundschutz is not a prerequisite for the BSI to carry out a partial IS audit. Documentation, such as the security concept, does not have to be available.

Federal authorities have been able to apply for the "partial IS audit" service since January 2009. If demand is high, security authorities are given preference. More information on the partial IS audit can be found in the Guideline for IS Audits.