ACCEM
IT Security Audit, Data Protection & Ongoing Cyber Resilience
Third Sector / Non-profit
Engagement: Ongoing — continuous consulting
95,000+ records protected
23 vulnerabilities fixed
34% → 7% phishing click rate
The Challenge
ACCEM is one of Spain's leading social inclusion organizations, with 3,800+ employees across 15 autonomous communities serving 95,000+ people annually — including refugees, migrants, trafficking victims, and unaccompanied minors. Their systems handle highly sensitive personal data across distributed offices and accommodation centers. After years of organic growth, the IT infrastructure had accumulated technical debt: inconsistent access controls, unpatched systems, no centralized monitoring, and no formal incident response plan. A breach could expose vulnerable populations to real harm and put the organization at serious regulatory risk under GDPR.
Our Approach
We started with a full-scope IT security audit across network infrastructure, web applications, access management, and data handling workflows — covering both headquarters and distributed regional offices. We ran vulnerability scans and penetration tests against external and internal assets, audited user privilege levels and credential policies, and reviewed data flows to map where sensitive information was stored, transmitted, and exposed. From the findings, we built a prioritized remediation roadmap organized by risk severity. We then moved into implementation: firewall hardening, endpoint protection rollout, network segmentation, access policy enforcement, and deployment of centralized log monitoring. We wrote incident response playbooks tailored to their operational reality, ran a phishing simulation campaign as a baseline, and delivered security awareness training across all staff levels. The engagement continues with quarterly reassessments and ongoing advisory.
Key Deliverables
Tech Stack
Impact
The audit identified and remediated 23 critical vulnerabilities across ACCEM's distributed infrastructure, including unpatched services exposed to the internet, overly permissive access policies, and unencrypted data flows carrying personal information. Full GDPR compliance was achieved for the data handling of 95,000+ beneficiary records. The phishing simulation baseline showed a 34% click rate — after targeted training across all 3,800+ staff, follow-up simulations dropped that to under 7%. Centralized monitoring now covers all regional offices with real-time alerting. We remain as their permanent security consultants, running quarterly reassessments and adapting the security posture as the organization and threat landscape evolve.