The strong networking of the business processes leads to a physical networking of the individual IT systems where put into practice. Business processes are partially executed above the limits of an organization or of a company away. Examples for this are the EDIFACT procedure, electronic banking, enamel or business-to-business processes via Internet. However, the unlimited communication options result in an increased demand for security. Since other IT landscapes can not be observed by the own IT adminitrators, the quality of the protective measures implemented there can not be judged. Therefore, the enterprise must guarantee the correct level of protection itself that intern and external dangers are excluded for data and business processes.

In order to guarantee the safety of the intern systems IT audits and/or Policy controlling which judge the weak points of the IT on account of systems of rules defined firmly can be carried out. On the basis of the accepted and applied codex "Government for Safety in Information Technology" (BSI) and the „IT Infrastructure Library of the Office of Government Commerce (OGC) (ITIL),  these systems of rules form a combined comprehensive collection in combination from safety definitions and recommendations which improve the safety of the IT components considerably. However, these systems of rules are so extensive that 100% practical solutions can not always be applied. Therefore, we have summarized the most important approaches of these systems of rules, to make an IT audit in a manageable time possible. As a result of the audits measures may be suggested that can be caaried out by the intern administration or by external service providers. Mostly a combination organizational events as well as hardware and software products are necessary.