Technical and conceptual security audit (incl. penetration test and configuration review)