Compliance Audits & Assessments
Comprehensive reviews against GDPR, NIS2, AI Act, and integrated multi-regime standards
Compliance Audits & Assessments
A robust compliance audit provides objective evidence of your adherence to regulatory obligations, identifies gaps before regulators do, and delivers actionable remediation roadmaps. Our audits span GDPR, NIS2, AI Act, and integrated multi-regime frameworks, producing executive-level reports with risk matrices, priorities, and clear action plans.
Why Independent Audits Matter
Self-assessments often miss blind spots; independent audits bring external rigour. Our audits:
- Provide defensibility in regulator inquiries ("we engaged independent experts to assess compliance")
- Identify gaps before enforcement action
- Prioritise investments in compliance remediation
- Benchmark your compliance maturity against industry standards
- Support board/governance reporting on risk management
Our Audit Offerings
GDPR Compliance Audit
Comprehensive review of your data protection governance against GDPR Article 32 and supporting obligations:
- Lawful basis mapping for all processing activities
- DPA designation and responsibilities
- Data subject rights processes and timelines
- DPIA documentation and decision-making
- Breach notification procedures and testing
- Data Processing Agreements and vendor management
- Records of Processing Activity (ROPA) accuracy and completeness
- International transfer mechanisms (SCCs, BCRs)
- Data Protection by Design and default controls
- Staff awareness and training programmes
Deliverable: Detailed audit report with control assessment, risk ratings (Critical, High, Medium, Low), and remediation recommendations.
NIS2 Readiness Assessment
For organisations that qualify as operators of essential services or important entities under NIS2, we assess readiness across:
- Risk management measures and governance
- Cybersecurity incident management and response protocols
- Supply chain security and vendor risk management
- Security by design and default in systems
- Reporting obligations and incident notification procedures (24-hour timeline)
- Testing protocols and security exercises
- Staff training and awareness on cybersecurity
- Regulatory requirements under Portuguese DL 125/2025
Deliverable: NIS2 readiness report with gap analysis and phased implementation roadmap.
AI Act Conformity Assessment
If your organisation develops, deploys, or uses AI systems, we assess conformity with the EU AI Act:
- Classification of AI systems (prohibited, high-risk, general-purpose)
- Risk assessment and mitigation for high-risk systems
- Documentation and transparency requirements
- Data quality and bias management
- Human oversight and intervention mechanisms
- Testing, monitoring, and accuracy assessment
- Third-party AI system governance and audit trails
Deliverable: AI Act conformity report with system classification, risk matrix, and remediation plan.
Integrated Multi-Regime Audit
A comprehensive audit spanning GDPR, NIS2, AI Act, and DORA (for financial institutions). We assess:
- Cross-regime obligations and overlaps
- Unified risk and incident management frameworks
- Integrated governance and board reporting
- Vendor and supply chain management across regimes
- Training and awareness programmes alignment
- Cost efficiency through harmonised controls
Deliverable: Integrated compliance report with unified recommendations and implementation prioritisation.
Audit Process & Timeline
Phase 1: Planning & Scoping (1–2 weeks)
We meet with your team to understand processing activities, regulatory applicability, and audit scope. We develop an audit plan and questionnaire.
Phase 2: Information Gathering (2–4 weeks)
Your team completes questionnaires, provides documentation (policies, DPIAs, vendor agreements, training records, incident logs). We conduct interviews with key stakeholders (DPO, IT, HR, legal, compliance).
Phase 3: Testing & Analysis (2–4 weeks)
We review documentation, test control implementation (e.g., DPIA processes, breach response, training records), and interview staff to validate compliance maturity.
Phase 4: Reporting & Recommendations (1–2 weeks)
We compile findings into an executive report with a risk matrix, detailed findings, root cause analysis, and prioritised recommendations. We present findings and support remediation planning.
Total Timeline: 2–3 months for a typical mid-size organisation audit.
Audit Report Components
Our audit reports include:
- Executive Summary: High-level compliance posture and risk overview for board/executive review
- Detailed Findings: Control assessments, gaps, and evidence supporting each finding
- Risk Matrix: Heat map showing critical, high, medium, and low-risk areas
- Action Plan: Prioritised remediation recommendations with estimated timelines and resource requirements
- Benchmarking: Comparison to industry standards and regulatory expectations
- Roadmap: Phased implementation plan for remediation
Pricing Models
- GDPR Compliance Audit (SME, 50–250 employees): €3,000–€6,000
- GDPR Compliance Audit (Mid-size, 250–1,000 employees): €6,000–€12,000
- GDPR Compliance Audit (Enterprise, 1,000+ employees): €12,000–€25,000
- NIS2 Readiness Assessment: €2,500–€5,000
- AI Act Conformity Assessment: €2,000–€5,000
- Integrated Multi-Regime Audit: €8,000–€20,000+ (depending on scope and complexity)
- Follow-Up / Re-Audit (6–12 months post-remediation): 40–60% of initial audit cost
Pricing is customised based on your organisation size, processing complexity, jurisdictional footprint, and audit scope. Request a detailed proposal.
Post-Audit Support
After audit delivery, we remain available for:
- Remediation guidance and implementation support (hourly or project basis)
- Re-testing and follow-up audits (6–12 months) to validate remediation
- Ongoing DPO advisory retainers (transition to DPOaaS or advisory engagement)
- Board reporting on compliance progress and risk management
Schedule Your Compliance Audit
Understand your current compliance posture and get a clear roadmap to remediation. Request an audit proposal today.
Request an Audit Proposal