Data protection audit and certification

  • Transparent information about the data protection level at your company
  • A trust-building basis that fosters professional relationships and protects you from liability
  • •A cost-effective alternative to an onsite data protection audit

Through the IITR Cert GmbH we offer legally compliant audits of your company’s data protection procedures and issue standardized certificates.

Continue to IITR Cert GmbH

Web-based data protection audit for your company

We use our web-based audit tool, privASSIST, to check compliance with data protection regulations. The audit tool requests any supporting documents that might be needed and takes a revision-proof approach to documenting your responses and any documents you provide.
Our audit tool is an affordable way to measure data protection compliance.

Meet the requirements of the data protection authorities

Use our web-based audit tool, privASSIST, to check whether you meet the requirements of the data protection authorities. The audit questionnaires of the supervisory authorities are taken into account by our CPS testing standards. As a result, you receive reliable feedback on how your company is positioned in terms of data protection.

CPS and privASSIST: Our standards and audit procedure


Our web-based audit tool, privASSIST, conducts the data protection audit:

  • A privASSIST is a web-based data protection audit tool that measures the level of data protection at a company.
CPS logo

Testing and certification standards are set forth in a CPS:

  • A CPS (Certified Privacy Standard) is an audit and certification standard. It serves as the basis for the data protection assessment conducted by the privASSIST. In addition, the various certification standards feature a conformity assessment program.

privASSIST and CPS are registered trademarks of IITR Datenschutz GmbH.

Companies can be certified according to the following standard:

  • CPS 100: Certification of data protection status for medium-sized companies
  • CPS 300: Certification of contract processors according to Art. 28 GDPR
  • CPS 600: Certification of data protection status for small companies

The following audit standards are also available:

  • CPS 051: Audit of applicant management process
  • CPS 061: Audit of video surveillance systems
  • CPS 071: Audit of home and mobile workers
  • CPS 350: Audit of contract processors according to Art. 28 GDPR
  • CPS 501: Audit for service providers that measures compliance with information security standard ISO27001
  • CPS 911: General audit of HR department
  • CPS 921: General audit of IT department
  • CPS 931: Sales and Marketing

Excerpt from a data protection audit conducted by a privASSIST tool.

An audit that measures data protection

Using a variety of questions from different perspectives, our system is designed to examine data protection issues and automatically catch any responses that deviate from the standard. What you ultimately receive is a comprehensive audit report.

Sample graph from a data protection audit report on contract processors.

Web-based data protection audit with documentation: a reliable audit report and lower costs

Our web-based platform for data protection audits means that questionnaires are a thing of the past. The platform guides you through the questions in a targeted manner and ultimately produces a reliable audit report. The use of web-based technology leads to a significant reduction in costs compared to an on-site audit.

Excerpts from the topics that are queried:

  • Data transfer (automated or manual)
  • Data protection officers (internal or external) and compliance officers
  • Employees: confidentiality agreement, education and training (verifiable)
  • Confidentiality: multi-client capability, separating test and real data, etc.
  • Entry control, access control, usage control
  • Data processing systems (especially server rooms)
  • Rights of data subjects
  • GDPR implementation and documentation

Learn more about IITR Cert GmbH

Contact us directly

* required field


About IITR Cert GmbH

IITR Cert GmbH and IITR Datenschutz GmbH are organizationally separate to ensure the independence of the data protection audits. IITR Cert GmbH specializes in auditing and certification in the field of data protection.

Stay up to date.

Subscribe to our free newsletter and get
the latest news on data protection.