Client Story
About the company: Intact is a global leader in software solutions for audits, certifications, accreditations, and standards. With its modular Intact Platform, the company helps organizations design complex audit processes in an efficient, transparent, and compliant way – both in the cloud and on-premise.
As a global provider of audit and certification solutions, Intact GmbH offers a platform that must meet the highest standards in both security and quality. To live up to this responsibility, the company relies not only on regular security assessments but also on a mindset of continuous improvement – with a clear focus on new perspectives.
For the current year, a collaborative source code review of selected modules is also planned. This will follow various approaches (greybox, traditional review, hybrid) to integrate fresh external insights.
Intact deliberately chose to partner with BearingPoint – for several compelling reasons. A key factor was the broad experience and deep expertise that BearingPoint brings to the table: specialized teams cover both offensive and defensive aspects of cybersecurity. The flexibility and creativity in their approach were also highly valued – instead of relying on off-the-shelf solutions, every step was tailored to Intact’s specific needs.
Equally important to Peter Krainer, Head of IT – Infrastructure at Intact, was the ease of communication and the spirit of partnership. He emphasizes that the collaboration was always straightforward and solution-driven.
The collaboration was always on an equal footing. We especially appreciated the creative ideas, the high degree of flexibility, and the reliable availability of the BearingPoint team – including for follow-up questions and feedback during and after project completion.”
- Peter Krainer, Head of IT - Infrastructure, Intact GmbH
BearingPoint’s offensive testing strategy was precisely aligned with Intact’s needs. While the initial pentest was intentionally broad, the focus was sharpened in later phases – e.g. through specific scopes in the course of cloud expert reviews or a deeper look at applications through hybrid code analyses (hybrid review).
For Microsoft 365 and Active Directory environments, BearingPoint carried out comprehensive configuration and system analyses based on best practices. These included evaluations of administrative privileges, patch levels, policy settings (e.g., MFA, Conditional Access), license usage, and inactive accounts.
The results of individual reviews were each presented in a clearly structured report in personal debriefings. "It is important to us that our customers can talk directly to our experts and ask more in-depth technical questions if needed," explains Philipp Perz from BearingPoint, who co-led the project.
The project with BearingPoint delivered numerous beneficial results for Intact and laid the foundation for the sustainable further development of IT security. As part of the collaboration, clear recommendations were defined to strengthen the company’s security posture, and risks were documented in a structured and transparent way. In addition, a continuous vulnerability scan of the public attack surface was established — providing ongoing visibility and helping Intact meet its compliance and documentation requirements. Through hybrid review approaches, direct engagement with specialized teams, and targeted penetration tests, Intact gained valuable new perspectives on security-critical topics — insights that also provided meaningful input for the internal IT team.
The result is a solid foundation for future initiatives — and a long-term, trust-based partnership that will continue to enhance IT security.
Let’s talk about your challenges — our cybersecurity experts are happy to help.
