Secure Your Business




Thanks to a Stage Review made at
A1 Telekom Austria, the project period
could be reduced by six months:

“After the Stage Review, our overview of the
tasks that still needed to be tackled was so

good that the schedule could be revised.”

Mag. Krzysztof Müller

Case Study: Stage Review


Stage Reviews illustrate the state of an implemented managementsystem

On what level is the implemented managementsystem, and which important aspects can be improved? For companies that are in a certification process acc. to ISO/IEC 27001 or ISO/IEC 20000, a Stage Review is an important milestone on the way. But also in general this powerful tool furnishes excellent benchmarking for the quality of a management system with its policies, processes, performance indicators and measures. As a voluntary preliminary review the CIS Stage Review gives information on the status of an information security or IT service manegementsystem and shows strong and weak points as well as opportunities for improvement in detail. For no matter whether there are too few or too many measures, this will be unprofitable. A Stage Review will be conducted by independent CIS Auditors and therefore is fit to enable objective project progress control. In order to make an analysis of the actual state, the specific risks, which depend on the company size and sector, the implemented processes as well as organization measures will be evaluated and compared to the requirements placed by ISO 27001 or ISO 20000. The result will be an audit report, which will assess strong and weak points as well as the concrete opportunities for improvement. A stage review includes the following operating steps:

  • Audit planning: guarantees economically efficient handling
  • Audit procedure: evaluation of risks and strong or weak points within the company
  • Audit report: detailed report with a strength/weakness analysis and opportunities for improvemen


Voices from practice



“The Stage Review increases motivation of the team

and gives additional incentives. Thus the client will obtain

an objective progress report.”
Johannes Mariel, Federal Computing Centre, Austria


“External auditors who will review the overall system later confirm or correct
your course. We can recommend this preliminary review – because
implementing the standard is no routine.”

Mag. Krysztof Müller, A1 Telekom Austria 

“As a preparation for the Certification Audit, we have used a
Stage Review. Obtaining certification in the first attempt is important
for motivating the employees that are to translate the system into action.”

Michael Rösch, POOL4TOOL







CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com