IS audits based on IT-Grundschutz

Information security audits (IS audits) are part of any successful approach to information security management. Statements about the efficient implementation, up-to-dateness, completeness, and appropriateness of security safeguards, and therefore about the current status of information security, can only be made by regularly reviewing the established security safeguards and the information security process. Hence, the IS audit is a tool for determining, achieving, and maintaining an appropriate level of security within an organisation.

The main task of IS auditing is to support and accompany the management, the IS management team and specifically the IT security officer in the implementation and optimisation of information security. The auditing activity aims to improve information security, avoid undesirable developments in this area and optimise the cost-effectiveness of security measures and security processes.

To this end, the BSI has developed "A guideline for IS audits based on IT-Grundschutz", a procedure that can be used by the federal administration as well as other authorities, the private sector and service providers to determine the status of information security in an organisation and to identify vulnerabilities.

In addition, the BSI offers the "IS audit" service free of charge for federal authorities and supports the audits of information networks with its own audit team.

The IS audit web pages help federal authorities in particular to organise and carry out IS audits on the basis of the proven BSI IT-Grundschutz, providing tools to assist with this task.