During the audit, the cybersecurity level is assessed by observing in detail whether the generally recommended measures have been adopted:

Organisational measures
People-related measures
Physical control measures
Technological measures.
If obvious organisational or technical vulnerabilities are identified, the client is immediately informed to enable quick-win corrections.

The reference framework used for the audit depends on the client's maturity level.