Technical audit

We offer Drupal technical audits on multiple levels. An audit will help to make the right business decisions and will lead to quicker and more accurate estimates from developers.

What are the benefits of an audit?

Our review may uncover opportunities for improvements regarding performance, SEO, accessibility, code quality, data privacy, security, and maintainability. Existing risks and problems are also reported.

When do you need an audit? 

  • If you are concerned about the general quality of your Drupal project or some aspects like performance, security, or data privacy.
  • You are planning a major development and want to draw the baseline uncovering easy opportunities and potential pitfalls.
  • Before migration from Drupal 7, 8, or 9 to 10.

Why us?

We've been working with Drupal since version 4. Currently we provide audits for 7, 8, and 9 with transparency in our mindset. We use standard tools and practices to measure and assess.

Audit types we provide

Quick review

We can perform this audit based on solely the code, even without having access to the database, the site, or to the production environment. On the functional level, we require only a short brief, a basic understanding of the purpose of the core feature-set.

Typical parts of a quick Drupal audit:

  • Executive summary for the management, from a business perspective. No deep IT knowledge is required to understand this.
  • Lighthouse. Google's open-source audit tool helps us to review the main performance, SEO, good practice and accessibility scores of the public part of the project.
  • Traffic. We will ask for some basic analytics data e.g. monthly and peak time visitor and pageview count, and the geographical distribution of the audience.
  • Integrations. We will ask for and also discover and assess any 3rd party integrations on the frontend and backend.
  • We will check the technical solutions on the codebase layer.
  • We will check the proportion of contrib vs. custom modules.
  • We will get some base information regarding the quality of the code.
  • Drupal coding standards and best practices compliance.
  • Documentation quality.
  • We will find out to what extent the system was maintained and built on a professional level.
  • Were the security updates installed?
  • Automated test coverage.
  • We will check whether the system is future-proof e.g. if a Drupal 8 site is "Drupal 10 ready".
  • We will check and review whether the system has an easy to discover security vulnerability.

Full Drupal audit

A full copy (backup), or access to the live environment is required to perform this audit. We will also need to understand the functionality in-depth, so we will need user manuals and user stories. The prerequisite of the full Drupal audit is a Quick review Drupal audit.

Typical parts of a full Drupal audit:

  • Executive summary for the management, from a business perspective. No deep IT knowledge is required to understand this.
  • Frontend theme review.
  • Display architecture.
  • Content architecture.
  • User accounts, roles, permissions, and access management.
  • APIs.
  • Performance.
  • Security vulnerability scanning.
  • Codebase review.
  • Development and maintainability.
  • Infrastructure.

Data privacy, or GDPR audit

We thoroughly analyze your Drupal solutions, identify where personal data is stored and how it is processed, map the data flow, and finally propose solutions to ensure your GDPR compliance.

Parts of the Drupal GDPR audit:

  • Data discovery, data flow mapping for your Drupal database, core and contrib modules.
  • Data security and protection
  • Data protection by design and by default
  • Records of processing activities
  • Custom solution and integration discovery
  • Data protection impact assessment
  • Data minimisation and Storage limitation
  • And many special audits based on your custom system

It’s always the client’s decision what to implement/automate on what level and what security measures to undertake. We’ve mastered a set of tools which are reasonable step to utilize for e.g.

  • Anonymization
  • Encryption supported by our trusted partner
  • Data subject rights
  • Personalized cookie consent solution capable of blocking even 3rd party cookies.
  • Consents for forms
  • and even more: we can deliver an organisation wide centralized solution.

General findings and conclusion

In each audit, we provide recommendations along with our findings in a form understandable also for the management and in-detail for the IT.

Get the best out of your website

Request audit