Datakom IT Security Audit

A clear view of compliance, technical risks and the next steps for improving security

IT Security Audit

helps you

assess your current position

identify the most significant compliance gaps and technical risks

create a prioritised action plan for management and the IT team

The purpose of the audit is not simply to identify shortcomings. It is to help your organisation understand

What

needs to be addressed first

Why

why it matters

How

how to put the improvements into practice

Three audit levels

for different organisational needs

Compliance Essentials

Cyber Defense Basic

Cyber Defense Pro

Regulatory compliance and documentation gap analysis

Compliance + technical security assessment with auditor review

Comprehensive 360° cybersecurity audit with an improvement roadmap

Designed for organisations that need an initial understanding of their readiness for Cabinet Regulation No. 397, NIS2 / the National Cybersecurity Law or another selected regulatory framework.

Designed for organisations where a document review alone is not enough and practical technical risks in the IT environment must also be understood.

Designed for organisations with a higher risk profile, regulated industries or businesses seeking a full assessment of their cybersecurity maturity.

Primary focus:

Documentation, policies, processes, roles, evidence and compliance gaps.

Primary focus:

Compliance assessment, vulnerability testing, auditor review, prioritisation of technical risks and a management presentation.

Primary focus:

In-depth security assessment, internet-exposed assets, phishing testing, security maturity, CISO-level consultation and a follow-up review of improvements.

Best suited when:

Your organisation needs a quick overview of its current compliance status and a solid foundation for further security improvements.

Best suited when:

Your organisation needs to assess not only formal compliance, but also real-world vulnerabilities, configuration issues and IT governance risks.

Best suited when:

Your organisation needs not only to audit its current position, but also a structured path towards a higher level of cybersecurity maturity.

How does the audit work?

1

Initial assessment

Together with the client, Datakom clarifies the organisation’s profile, regulatory requirements, the scope of the IT environment, infrastructure specifics and the current state of security governance. 

2

Defining the scope

We define the audit scope, systems involved, required access, documentation, responsible contacts and the selected audit level.

3

Conducting the audit

Datakom reviews documentation, processes and, in selected packages, technical risks. Findings are structured by severity and potential impact on the organisation.

4

Report and executive summary

The client receives a clear audit report covering findings, risks, priorities and recommendations. The results are explained in a way that is useful to both the IT team and management.

5

Action plan

A practical improvement roadmap is prepared, outlining what needs to be done, in what order, at what priority and which risks each step reduces.

A comprehensive IT security audit to protect your business

The audit scope is tailored to the organisation’s situation, risk profile and selected service level. Depending on the objective, Datakom assesses the following areas

Governance and regulatory compliance

Information security policy, allocation of responsibilities, risk management, incident management procedures, essential security documentation and readiness to meet Cabinet Regulation No. 397, NIS2, the National Cybersecurity Law, ISO 27001 or other requirements.

IT infrastructure security

Organizations with very low tolerance for downtime. Servers, workstations, network segmentation, internal and external IP addresses, virtualisation, cloud resources, vulnerabilities and internet-exposed assets.

User access and identity security

Microsoft 365, Active Directory / Entra ID, user and administrator access, account management and identity-related security risks.

Resilience and monitoring

Backups, recovery readiness, use of a SOC, log collection and retention, security tools, incident history and user security awareness training.

What does the audit deliver?

An overview of your current IT security and compliance position

A gap analysis against the selected regulatory framework, such as Cabinet Regulation No. 397, NIS2 / the National Cybersecurity Law, ISO 27001 or DORA

The most significant gaps identified in documentation, processes and the technical environment

Clear explanations of technical findings, including risk level and potential impact on the organisation

A prioritised improvement plan with practical next steps

An executive-level summary to support decision-making

The audit approach allows you to begin with compliance and documentation, then expand the assessment as needed to cover technical risks, internet-exposed assets, security maturity and follow-up verification of improvements.

Why Datakom?

1

An ISO-certified approach to governance and security

2

Experience delivering cybersecurity, IT infrastructure and managed IT services

3

24/7/365 SOC monitoring and incident escalation expertise

4

Compliance experience across NIS2, DORA, PSD2, ISO and other requirements

5

Certified security and IT governance specialists

6

A technology and partner ecosystem including Palo Alto, HPE Aruba, Barracuda, Cisco, IBM and others

7

Experience across enterprise, public-sector and regulated-industry IT environments

Find out how secure your IT and business really are

Datakom IT Security Audit gives you a clear view of where your organisation stands today, which risks matter most and what should be addressed first.


    FREQUENTLY ASKED QUESTIONS (FAQ)

    No. Vulnerability scanning is only one possible component of an audit. An IT security audit may also assess documentation, processes, responsibilities, access controls, incident management, compliance and security governance.

    Yes. The audit helps you understand your current position, identify gaps and create a prioritised improvement plan. It provides a practical starting point for achieving compliance.

    Yes. The audit can assess the documentation, processes, evidence and technical controls needed to progress towards meeting the requirements of Cabinet Regulation No. 397.

    Yes. The audit provides an independent assessment of whether existing processes, technical controls and responsibilities are sufficiently clear and appropriate for your organisation’s risk level.

    The duration depends on the selected service level, the size of the organisation’s IT environment and the required depth of technical testing. During the initial discussion, Datakom helps define the appropriate scope and timeline.

    Yes. Following the audit, Datakom can help improve documentation, reduce technical risks, strengthen security governance or conduct a follow-up assessment.

    Professional IT services and infrastructure solutions for businesses. We provide reliable technology support and managed services.

    SIA Datakom

    Reģ. nr. 40103142605
    PVN reģ. nr. LV40103142605

    Maldugunu iela 2, Marupes novads, Marupe, LV-2167, LV 40103142605

    AS Luminor Bank Latvian branch, RIKOLV2X LV69RIKO0000080227272

    Office

    +371 67628888
    Sales
    +371 67628888
    Service
    +371 67442800

    Marketing

    +371 67628888

    Tiki-Taka PAY
    Datacenter AI

    © 2026 DATAKOM. Professional IT services.
    All rights reserved.