We assist you in implementing, assessing, improving, or reviewing your information security and risk management processes, taking into account your organizational context, your corporate culture, and the compliance requirements relevant to your company.
With professional ISMS consulting, we assist our customers in establishing, implementing, and continuously improving their Information Security Management System (ISMS).
We provide practical guidance in defining security objectives, developing the required policies and processes, conducting risk assessments, and implementing appropriate technical and organizational measures. Existing structures are efficiently integrated to ensure that information security remains both cost-effective and practical to implement.
Structured information security risk management is the foundation for identifying threats at an early stage, assessing risks in a targeted manner, and effectively implementing appropriate protective measures. We support companies in systematically identifying, analyzing, and sustainably managing risks related to information, systems, processes, and business operations.
Together, we develop a practical approach to risk assessment, define evaluation criteria, and establish processes for the identification, assessment, prioritization, treatment, and monitoring of risks.
Clear, practical policies establish binding standards and are an essential component of effective information security and compliance organization. We assist companies in the creation, revision, and harmonization of policies, standards, guidelines, and operating procedures—tailored to your corporate structure, risks, and regulatory requirements. In doing so, we focus on clear language, high acceptance, and seamless integration into existing management systems and processes.
With an ISO/IEC 27001 gap analysis, we assist companies in objectively assessing the maturity level of their Information Security Management System (ISMS) and developing it in a targeted manner. The analysis provides transparent insight into which requirements of the standard are already fulfilled, where action is still needed, and how effectively existing processes, measures, and controls have been implemented.
Whether for initial certification, as evidence for the internal audit in accordance with ISO/IEC 27001, or for the regular effectiveness review of your management system, ISO 27001 gap analyses provide certainty, transparency, and a reliable foundation for sustainable compliance.
Requirements for cybersecurity, resilience, and regulatory compliance are increasing significantly across Europe. We provide practical support to our customers in implementing legal and regulatory requirements such as the NIS 2 Directive, the Cyber Resilience Act, or DORA.
Together, we assess your current level of implementation through a gap analysis, identify areas requiring action, and develop concrete measures to meet the relevant requirements. We are also happy to support you in the subsequent implementation of the identified measures.
Once an ISMS reaches a certain level of maturity, many companies develop the need for a professional tool to support key tasks such as risk assessments, compliance assessments, and the management of measures and activities.
We assist companies in selecting the right Governance, Risk, and Compliance (GRC) solution in a structured, objective manner and based on their specific business requirements.
In the first step, we work together to identify the relevant requirements and use cases across the various GRC domains. We plan, facilitate, and document workshops with the specialist departments to analyze existing approaches and define clear expectations for a future tool. Based on this, we create a structured requirements catalog or an RfI document.
On request, we can also assist you throughout the entire RfI phase, align your requirements with solutions available on the market, and identify suitable vendors for an initial shortlist. After receiving responses, we systematically evaluate the results, formulate follow-up questions where necessary, and recommend suitable solutions for further detailed review as part of a Proof of Concept (PoC).
Effective emergency and business continuity management ensures that companies remain operational even in the event of major disruptions or security incidents and that critical business processes can continue. We assist you in the structured development, refinement, and practical implementation of your emergency and business continuity management framework.
As a first step, we recommend conducting a half-day kick-off workshop with representatives from the business departments and IT. The objective is to create a shared understanding of risks, impacts, and organizational requirements in emergency and continuity scenarios, and to lay the foundation for a robust overall concept. We will then assist you in designing, structuring, and developing a practical emergency preparedness and business continuity concept.