IT industry audits: to confirm the effectiveness of existing operations or identify any changes that may be necessary

In addition to personal safety, IT security, in the sense of confidentiality, integrity and availability of computerised data, has become an increasingly critical factor in safeguarding the integrity of businesses and the work of the people. Security requirements are normally met by adopting physical and procedural measures, but there is an increasing trend towards the introduction of sophisticated tools and hardware, firmware and software, for which specified levels of protection must be ensured. In view of the increasing volumes of legislation governing IT security introduced in recent years, it is vital to be able to estimate the degree of confidence that can be placed in the security measures taken. To meet this need, IMQ offers a set of IT security assessment and auditing services based on internationally defined and recognised methods and criteria.

Audits play a key role in the IT industry, and can be the decisive factor that gives a business a competitive edge.

Audits in accordance with ISO/IEC 27018

ISO/IEC 27018 is the first and only international standard that establishes control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, ISO/IEC 27018:2019 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environments of a provider of public cloud services. The aim of the audits conducted by IMQ is to verify the real-world application of the code of conduct for the protection of PII by cloud providers in public cloud services.

ICT security formal assessments

  • Formal assessment in accordance with the Common Criteria (ISO/IEC 15408): security assessment of ICT systems / products and of protection profiles, to obtain certification from OCSI, internationally recognized
  •  Support to organizations in defining Security Targets or Protection Profiles compliant to Common Criteria requirements

ICT security audit with statements of conformity

When formal evaluation for third-party certification against Common Criteria or against a reference standard is not possible, IMQ can support customers by providing an ICT security audit followed by a statement of conformity. In this case, the audit process is tailored to: the set of ICT security requirements established on the basis of all contractual and legislative obligations that may be applicable to the organisation requesting the statement and agreed and validated by the latter; verification in accordance with a bespoke method defined according to criteria of efficiency and effectiveness and taking account of all the applicable reference standards. 
In case of a positive outcome of the audit, a statement of conformity with the defined ICT security requirements can be issued by IMQ. 



Management system certification is the endorsement enjoyed by organisations that have chosen to equip themselves with efficient management systems and suitable skills and structures, aimed at continuous improvement. And the higher the prestige of the awarding body, the higher the value of the guarantee. Equipped with state-of-the-art technology, our laboratories have full capability to put products through all the checks required by the major European directives and international standards. The certifications issued by IMQ are synonymous with trust. They guarantee safety, performance, efficiency and quality standards. More than 10,000 companies have turned to IMQ to certify their products and stand out on the market. Notified body for the main EU directives, IMQ offers tests and CE certifications to assess the conformity of the products to the requirements required to be marketed on the European market. Inspections and audits validate the conformity of electrical installations, equipment, supplies and services with the applicable technical and legislative specifications. IMQ is leader in Europe in the conformity assessment activity, technical partner chosen by Ministries and Authorities for market control purposes. IMQ is a brand recognized by the market as a synonym of safety and quality, and an internationally recognized partner, a valued member of the main international regulatory work groups. All IMQ personnel are required to strictly observe professional secrecy. IMQ has been working for 70 years trying to anticipate the future, to make the present safer.