What is Office VBA Security & Compliance Assessment

You use Microsoft Office and VBA in your company, but you actually lack/lack the right overview of how many VBA macros have been created over the years and in which areas of the company they might be used? You want to get to a new version of Microsoft Office or a higher level of security, but don’t know how complex the VBA macros in use are? On this basis, you find it difficult to give a qualified estimate.

You may have already familiarized yourself with our solution offer. But before you invest, you need more arguments to justify an investment. To do this, we offer you our Office VBA Security & Compliance Assessment, in which our competent employees prepare an initial analysis with you on site. We will bring our tools with us for the duration of the assessment.

What does the Assessment include?

We take care of everything necessary to be able to carry out an analysis in your company on site (see also “How does such an assessment work?”). All we need from you are a few information in an interview as well as access to your systems. We treat all data confidentially, of course. The data does not have to leave your company for the assessment.


We analyze all the directories you specify and evaluate the VBA macros it contains. You will then receive a detailed business report with the following values:

  • Number of office files
  • total number of office files with VBA macros
  • Number of different VBA macros
  • analysis of compatibility to an office version you named
  • classifying the VBA macros into 3 levels of complexity
  • identified risks (e.g. registry accesses )
Further individual key figures can be included during consultation with you.

How does such an assessment work?

Step 1: Kick-off event

Together with you, we will discuss objectives and expectations for the assessment. Through a structured interview, we would like to ask you for important information for our further work. We will introduce you to your personal contact for the duration of the assessment and demonstrate the components you need to use.

Step 2: We talk to IT security, data protection and staff representatives

If you would like  we can talk to the responsible people in your house and inform them about data that are collected during the assessment and how it is processed. If there are specific requirements on the part of these responsible people, they will now be included and configured into the components used. This can be, for example, the anonymization of certain data.

Step 3: We conduct the data collection

With  user data you provide we collect the data. If you have a large or distributed infrastructure, you can coordinate night jobs. Due to the high speed of our components, even for several 100,000 files, this survey usually takes not more than one day.

Step  4: Evaluation

The data collected is now compared to different patterns. We summarize the results in a report for you, which we will hand over to you after the completion of the assessment. In addition to the results values (see above), details on the process of collecting the data are also included here. Based on the expectations raised in the interview and the insights that have now been obtained, we will draw up a conclusion for you.

Step 5: Results presentation

Together we discuss the outcome of the assessment, the resulting conclusion and possible further steps. You will receive all the documents we have created. Our components and the data collected will be completely removed from your systems. There is still time for your questions or the consideration of particularly noteworthy case studies here.