Including:
- Brief analysis of the current IT security situation (actual status)
- Introduction to the basics of information security
- Recommendations for ‘quick wins’ (e.g. password policy, software updates, backup strategy)
- Preparation of a report with a to-do list and recommended measures
§ 1 Scope of Services
(1) The Service Provider conducts a compact assessment of the Client’s current IT security situation (“Short Audit”).
(2) The service includes, in particular:
- Brief analysis of the current IT security status, including review of existing protective measures.
- Introduction to the basics of information security, including key risks, required safeguards, and organisational responsibilities.
- Recommendations for “quick wins”, such as password policy improvements, system/software updates, backup strategy, and basic access control.
- Preparation of a written report, including:
  - Summary of findings
  - To-do checklist
  - Prioritised recommendations
(3) The Service Provider does not owe a specific success, but the diligent and professional performance of the services in accordance with the nature of a service contract.
§ 2 Duties of the Client
(1) The Client shall provide all information, documents and access necessary for the assessment in a timely manner.
(2) The Client ensures that relevant contact persons are available.
(3) The Client remains responsible for implementing the recommended measures.
§ 3 Remuneration
(1) Additional services beyond those listed in § 1 must be agreed and compensated separately.
§ 4 Performance Period
(1) The Service Provider will conduct the assessment within [insert time period] after commencement of the contract.
(2) The final report will be delivered no later than [x] working days after completion of the assessment.
§ 5 Confidentiality
(1) Both parties agree to maintain strict confidentiality with regard to all confidential information obtained during the collaboration.
(2) This confidentiality obligation continues beyond the termination of the contract.
§ 6 Data Protection
(1) The Service Provider processes personal data solely for the purpose of providing the contractual services.
(2) Where required, the parties will conclude a separate Data Processing Agreement (DPA) pursuant to Art. 28 GDPR.
§ 7 Liability
(1) The Service Provider shall only be liable for damages resulting from intent or gross negligence.
(2) Liability for indirect damages, consequential losses or loss of profit is excluded to the extent permitted by law.
(3) The recommendations issued by the Service Provider do not constitute a guarantee of complete IT security.
§ 8 Term and Termination
(1) The agreement enters into force upon signature and ends automatically after all services have been fully rendered.
(2) The right to extraordinary termination for good cause remains unaffected.
§ 9 Final Provisions
(1) Amendments and supplements to this agreement must be made in writing.
(2) Should any provision of this agreement be invalid, the remainder of the agreement shall remain unaffected.
(3) This agreement is governed exclusively by the laws of the Federal Republic of Germany.
(4) The place of jurisdiction shall be the registered office of the Service Provider, insofar as legally permissible.
