's Ransomware Checkup with Axsos
How does Axsos support companies in implementing the recommended measures after the ransomware checkup?
How does Axsos support companies in implementing the recommended measures after the ransomware checkup?
Information security is not a one-time project, but an ongoing process. The ITQ Ransomware Checkup v3 provides a structured foundation for launching this process with a clear picture of your current ransomware risk. Upon request, Axsos will support you in fully implementing all recommended measures: from technical safeguards and targeted employee training to establishing an effective emergency management system. This creates sustainable protection that ensures your organization remains stable and resilient in the long term.
What is the ITQ Ransomware Checkup v3, and who is it intended for?
What is the ITQ Ransomware Checkup v3, and who is it intended for?
The ITQ Ransomware Checkup v3 is a certified audit process based on recommendations from the BSI, cyber insurers, and state data protection authorities. It is specifically designed for small and medium-sized enterprises (SMEs) that want to systematically assess and effectively reduce their ransomware risk. The audit comprises 89 assessment questions divided into five categories and provides a final report of approximately 30 pages, featuring a graphical representation of compliance levels, a detailed risk assessment, and prioritized recommendations for action presented as a practical roadmap.
What are the five areas that the Ransomware Checkup examines, and why are they crucial?
What are the five areas that the Ransomware Checkup examines, and why are they crucial?
The Ransomware Checkup evaluates five critical areas. “Preventing Infection” examines remote access, multi-factor authentication, email security, and firewall configuration. “Backups and Data Protection Strategy” assesses the physical separation of backups from the internal network, as attackers often encrypt backup data as well. "Training and Awareness" analyzes whether employees receive regular training on social engineering and secure email practices. "Controls, Hardening, and Logging" examines vulnerability scans and central log servers. "Response Measures" evaluates emergency management, including the alert notification plan and emergency communication platform.
What specific results does the Ransomware Checkup provide for businesses?
What specific results does the Ransomware Checkup provide for businesses?
The ITQ Ransomware Checkup v3 provides up to 89 color-coded recommendations for action: high-risk issues are marked in red, medium-risk issues in orange, and low-risk issues in gray. An objective risk matrix calculates risk scores based on probability of occurrence and potential damage, providing a clear basis for the strategic allocation of the IT budget. In addition, the Checkup provides verifiable documentation of compliance with due diligence obligations, which helps mitigate liability when dealing with insurance companies and government agencies.
- Why SMEs and mid-sized companies in particular need targeted security audits
Ransomware Checkup: Do You Know Your Ransomware Risk?
The threat posed byransomwarecontinues to grow every year. It is not only large corporations that are targeted by attacks, but increasingly also public institutions and small and medium-sized enterprises, which often have inadequate security measures in place. Attackers specifically seek out vulnerabilities and not only encrypt production data but also frequently threaten to publish confidential information.Axsos’ITQ Ransomware Checkup v3addresses this threat landscape: It assesses specific requirements, evaluates theransomware risk, and provides clearrecommendations for action to measurably improve your company’s security.
- A structured audit process specifically designed for small and medium-sized enterprises (SMEs)
What is the ITQ Ransomware Checkup v3?
TheITQ Ransomware Checkup v3is a certifiedaudit procedure developed based on recommendations from the BSI, cyber insurers, state data protection authorities, and IT specialists. Theauditcomprises89 audit questionsdivided into five audit groups and delivers a high-quality, approximately 30-page final report featuring a graphical representation of the level of compliance, a detailed risk assessment, and prioritizedrecommendations for action. The audit methods include documentation review, activity analysis, measurement data analysis, on-site inspections, interviews, and document review.
- APCOA PARKING Deutschland GmbH
Reliable IT Infrastructure for the Opening of BER Airport
For the opening of Berlin Brandenburg Airport, APCOA’s entire parking infrastructure had to be up and running on schedule. Axsos completely modernized the scalable IT infrastructure: outdated servers were replaced, the network design was optimized, and new services such as FlowANPR and digital taxi management were integrated. This gave APCOA the stability and reliability it needed to focus on providing dependable service to millions of travelers.
- APCOA Deutschland GmbH
Modern Controlling Instead of Manual Spreadsheet Maintenance
APCOA’s controlling team was working with error-prone Excel reports and lacked standardized processes. Axsos implemented a complete Power BI environment and converted existing reports into automated dashboards. Recurring analyses now update automatically. The controlling team now has more time for strategic tasks rather than routine work and makes decisions based on transparent, standardized data processes.
- Railway and Transportation Union (EVG)
Manage 400 cases securely, transparently, and automatically
EVG used to manage the process for reporting supervisory board appointments for over 400 positions manually using Excel and email. Security risks associated with the exchange of sensitive compensation data and a high administrative burden were weighing on the organization. Axsos developed a secure web application with automated workflows, a protected in-process chat feature, and centralized control. Today , the entire process is audit-ready, transparent, and secure.
- Railway and Transportation Union (EVG)
Secure data management that reduces the workload for members and staff
For a long time, the EVG managed member data manually via mail and email. This led to errors and delays. Axsos developed a secure digital member portal that allows members to manage their own data directly. Automatic validation reduces sources of error, and a complete change history ensures transparency. This significantly reduces the workload on administrative staff, freeing them up to focus on value-added tasks.
- Railway and Transportation Union (EVG)
94% automated: Membership verification with measurable results
Rising application volumes and manual verification processes across two systems were placing a significant burden on EVG’s case processing. Axsos implemented a rule-based, automated verification process using encrypted web services and a central process dashboard. Today, 94% of all verifications are handled automatically. The ROI was achieved in just three months. A scalable solution that grows with EVG’s needs.
- Hosokawa Alpine
98% Customer Satisfaction in Three Months: How Hosokawa Alpine Revamped Its IT Services
Hosokawa Alpine was using siloed systems without a shared database. KPIs were barely visible, and decisions were based on experience rather than data. Axsos implemented Xurrent as a central ITSM platform, featuring a structured service catalog, a self-service portal, and customized KPI dashboards. The result: 98% customer satisfaction and a full rollout in three months.
- Gustav Magenwirth GmbH (Magura)
IT Security as a Strategic Foundation for Growth and Partnership
As a Bosch partner, Magura faced clearly defined security requirements: a robust information security management system (ISMS) and TISAX certification. Axsos worked with Magura to develop a cloud-based ISMS and establish a security awareness program that embeds IT security throughout the entire company. Within eight to nine months, IT security became an integral part of the company’s culture.
- Oxfam
Digital educational initiatives that remain effective even under difficult conditions
Oxfam coordinated training programs for 29 partner organizations in Palestine, Gaza, and Jerusalem using manual email and Excel processes. There was no central platform for course management, learning progress tracking, and reporting. Axsos developed a secure digital education portal with automated registration and integrated Power BI reporting. The organization is achieving time savings of 60 to 70% and has gained a scalable foundation for its educational work.
- Which areas the ITQ Ransomware Checkup v3 checks and evaluates
The Five Test Groups of the Ransomware Checkup
Prevent Infection
The largest audit group covers remote access, administrator accounts, data storage locations, email security on servers and clients, client security, software updates, antivirus protection, and firewall configuration. Of particular concern: inadequate patch management, the lack of multi-factor authentication, and insufficient email protection significantly increase therisk of ransomware.
Backups & Data Protection Strategy
A comprehensiveauditof the data backup strategy and backup processes. The audit examines backup intervals, responsibilities, recovery tests, and the physical separation of backups from the internal network. Attackers often encrypt not only production data but also backups. An external, network-independent data backup is therefore essential.
Training & Awareness
Nearly one in two security incidents is caused by human error. TheRansomware Checkupverifies whether user policies are in place, training sessions are held regularly, and new employees receive training as part of the onboarding process. Topics include: secure email practices, social engineering threats, and safe web browsing.
Monitoring, Curing & Logging
Response Measures
Without effective emergency management, aransomware attackcan threaten a company’s very existence. Theauditverifies whether an emergency notification plan is in place that includes forensic experts, IT support staff, cybersecurity authorities, and cyber insurance providers, and whether an emergency communication platform is available that continues to function even if internal systems fail.
- Tangible Added Value and Report Content for Your Company
What You'll Get from the Ransomware Checkup
TheITQ Ransomware Checkup v3does not provide an abstract assessment, but rather a practical roadmap. Allrecommended actionsare color-coded according toransomware risk: high-risk issues are marked in red, medium-risk issues in orange, and low-risk issues in gray. This way, you know immediately where action is needed.
01
Test Report
High-Quality Final Report
Approximately 30 pages with graphical representations of the compliance rate for each audit group, a detailed risk assessment, and a complete overview of the current status of all audited areas.
02
Measures
Up to 89 recommendations—
All recommended measures are color-coded according to risk level and organized into an initial implementation plan. In addition, a DSV file containing appropriate measures is generated.
03
Risk Assessment
: An Objective Risk Assessment
The risk matrix calculates risk scores based on probability of occurrence and severity of loss. The overall result provides clear guidance for the strategic allocation of the IT budget.
04
Proof
Limitation of Liability & Duty of Care
The Ransomware Checkup documents that a process to improve the level of protection has been initiated. This provides verifiable evidence for insurance companies and government agencies.
- How the Ransomware Checkup Paves the Way for Long-Term Protection
Well-Protected Against Ransomware: The Next Step
Information security is not a one-time project, but an ongoing process. TheITQ Ransomware Checkup v3provides the foundation for launching this process in a structured manner: with a clear picture ofyour currentransomware risk, prioritizedrecommendations for action, and verifiable proof of your due diligence. Upon request,Axsos will support you in implementing all recommended measures, from technical safeguards and employee training to emergency management.