Service · Updated March 2026

IT Audit
for SMEs

A comprehensive assessment of your IT infrastructure in 1 to 2 days. Network, security, backups, compliance — we identify vulnerabilities and deliver a prioritised remediation plan.

In brief

72% of SMEs audited by ECLAUD IT present at least one critical vulnerability (untested backups, firewall with default rules, stale Active Directory accounts). The initial audit is free for SMEs with 5 to 120 workstations in Réunion Island.

Request a free audit +33 6 58 56 53 79

01 — Stakes

Why audit your SME's IT infrastructure?

Most SMEs have no real visibility into the actual state of their IT infrastructure. The server "works" but nobody has verified its backups in months. The firewall is installed but still running default rules. Active Directory accounts for employees who left two years ago are still active.

An IT audit exposes these blind spots before they become incidents. It is also the mandatory first step if you are considering managed services, a cloud migration, or NIS2/GDPR compliance.

ANSSI recommends an IT security audit at least once a year for every organisation, regardless of size. For regulated sectors (healthcare, finance), it is a legal requirement.

Team conducting an IT audit — infrastructure analysis — The ECLAUD IT audit covers 6 domains: network, workstations, servers, backups, security and compliance.

02 — Checklist

The 30 points we verify

Network infrastructure

— Network mapping (switches, routers, Wi-Fi)
— VLAN segmentation
— Firewall: rules, firmware, logs
— Bandwidth and latency
— Remote access (VPN, RDP)

Workstations

— Hardware and software inventory
— OS versions and security patches
— Antivirus / EDR active and up to date
— Disk encryption (BitLocker)
— Software licence compliance

Servers

— Hardware health (RAID, power supply, cooling)
— OS versions and patches
— Active Directory: GPOs, stale accounts
— Performance (CPU, RAM, disk)
— SSL/TLS certificates

Backup

— 3-2-1 strategy in place
— Frequency and retention policy
— Backup encryption
— Recent restore test
— Off-site / cloud backup

Security

— Password policy
— MFA enabled on critical accounts
— Access rights: least privilege principle
— User awareness training
— Incident response plan

Compliance

— GDPR: processing register
— Sub-processor contracts (DPA)
— NIS2: eligibility verified
— DPO documentation up to date
— Access logging

03 — Method

How does an ECLAUD IT audit work?

Initial contact

A phone call to understand your context, your priorities and to schedule the on-site visit.

On-site visit

Half a day to a full day: automated inventory, network analysis, backup verification, security tests. Non-intrusive, no service interruption.

Analysis and report

Report writing including network mapping, identified vulnerabilities and a remediation plan prioritised by criticality.

Debrief

Presentation of the report in person or via video call. Discussion of priorities, budget and remediation timeline.

04 — Deliverable

What the audit report contains

Network map

Diagram of your infrastructure: equipment, IP addresses, VLANs, Wi-Fi access points, internet connections.

Hardware & software inventory

Complete list of workstations, servers, printers, installed software, versions and licences.

Identified vulnerabilities

Each finding rated by criticality (critical, high, medium, low) with a description of the potential impact.

Remediation plan

Prioritised corrective actions with budget estimates and a recommended timeline. Quick wins identified.

05 — Pricing

How much does an IT audit cost?

Type	Duration	Price
ECLAUD IT initial audit	1–2 days	Free (SMEs 5–120 workstations)
In-depth audit	3–5 days	€1,500 — €5,000 depending on scope
Penetration test (pentest)	2–5 days	€3,000 — €10,000 depending on scope

06 — Frequently asked questions

FAQ — IT Audit for SMEs

How much does an IT audit cost for an SME?

At ECLAUD IT, the initial audit is free for SMEs with 5 to 120 workstations in Réunion Island. It covers network mapping, backup status, security review and priority recommendations. An in-depth audit (penetration testing, NIS2 compliance) is available upon request.

How long does an IT audit take?

The initial audit takes 1 to 2 days depending on the size of your infrastructure: half a day on-site (inventory, tests) + half a day for analysis and report writing. For an in-depth audit including penetration testing, allow 3 to 5 days.

What does the ECLAUD IT audit report include?

The report includes: network mapping, hardware and software inventory, backup status, identified vulnerabilities, GDPR/NIS2 compliance review, and a prioritised remediation plan with budget estimates. Every recommendation is rated by criticality (critical, high, medium, low).

How often should an IT infrastructure be audited?

ANSSI recommends a security audit at least once a year for any organisation, regardless of size. ECLAUD IT managed service clients benefit from continuous monitoring and a formal annual audit included in the contract. A one-off audit is also recommended before any migration project or after a security incident.

Is the audit disruptive to business operations?

No, the audit is non-intrusive. We work primarily through automated inventory tools and passive network analysis. The on-site phase (1 to 4 hours) requires no service interruption. Penetration tests, if requested, are scheduled outside production hours.

Discover Managed IT Outsourced IT department for SMEs Discover Cybersecurity Fortinet protection for SMEs Discover Backup & Recovery Data protection for SMEs Explore All services Our full IT service offering

Do you really know
where your IT stands?

Free audit, no commitment. We come, we analyse, we deliver a clear report.