
Information Security

1. Assessment
2. Architecture
3. Certification
4. Operations

Your company deserves security that goes beyond documentation. We build your ISMS, guide you to certification and operate it in day-to-day business so compliance becomes a normal state, not a one-off project.

MODULE_01

Managed Services

CORE OFFER

External CISO as a Service

Your certified information security officer without recruiting, onboarding or internal ramp-up. Fully operational from day one. Full accountability, no permanent hire.

  • Direct reporting line to executive management
  • Create, maintain and enforce security policies
  • Immediate coordination during security incidents
  • Quarterly reviews with measurable KPIs

RECOMMENDED

Security Awareness Training

93% of security incidents start with people. We turn your workforce from a risk factor into the first line of defense.

  • Realistic phishing campaigns with measurable results
  • Live workshops to identify and resist social engineering
  • Flexible e-learning modules for every maturity level
  • Audit-ready evidence and participation certificates

MODULE_02

Build & Implementation

CERTIFIABLE

ISO 27001 ISMS implementation

From a blank slate to a passed certification audit. We build your ISMS so it survives the audit and works in day-to-day practice.

  • Scope definition and complete asset inventory
  • Annex A controls implemented to fit your environment
  • Internal audits that surface gaps before the external auditor
  • Guidance through certification without re-audit loops

BSI STANDARD

IT baseline protection (BSI)

A rigorous BSI methodology for public bodies and ambitious companies alike. No control module is left unresolved.

  • Structural analysis with clear protection needs per asset
  • Control modeling directly from the BSI compendium
  • Baseline and standard safeguards implemented without gaps
  • Certification readiness on the first attempt

CRITICAL INFRA

Incident response & BCM

When the worst case hits, every minute matters. We make sure your team knows exactly what to do before it happens.

  • Ready-to-use playbooks for each incident class
  • Business impact analysis with critical process mapping
  • Recovery plans with defined RTOs and RPOs
  • Regular crisis exercises under realistic conditions

MODULE_03

Compliance & Regulation

EU DIRECTIVE

NIS2 compliance

NIS2 affects more companies than many expect. We clarify whether it applies to you and bring you into compliance before deadlines turn into pressure.

  • Applicability check with a clear yes/no outcome
  • Article 21 measures prioritized and implementation-ready
  • Reporting processes set up for 24h and 72h obligations
  • Supply-chain risks identified and documented

FINANCIAL SECTOR

DORA compliance

BaFin-ready IT resilience for financial institutions and their ICT service providers. We deliver the framework; you pass the review.

  • ICT risk management aligned to DORA requirements
  • Incident reporting chain including reporting templates
  • Threat-led penetration testing (TLPT) scenarios for operational resilience
  • Third-party register with risk classification

DATA PRIVACY

GDPR interface

Information security and data privacy should not operate in silos. We align both disciplines into one framework without duplicate effort.

  • Technical and organisational measures (TOMs) under Art. 32 GDPR that hold up under review
  • CISO/DPO coordination without responsibility gaps
  • DPIAs for high-risk processing activities
  • Records of processing kept current and audit-ready

MODULE_04

Assessment & Review

Gap analysis & maturity assessment

You know where you want to go. We show you where you stand, with a prioritized roadmap instead of an endless defect list.

  • Systematic current-state assessment in under two weeks
  • Benchmarking against ISO 27001 and BSI baseline protection
  • Roadmap prioritized by risk and effort
  • Management summary for executive leadership

Risk analysis & management

Risks you do not understand cannot be controlled. We quantify threats according to ISO 27005 so decisions are grounded, not guessed.

  • Full asset and threat landscape
  • Clear treatment options for every identified risk
  • Living risk register with tracking
  • Seamless integration into your ISMS

Audit & certification support

No surprises during the audit. We prepare you so the external auditor confirms what we already know.

  • Mock audits under realistic review conditions
  • Documentation that is complete and defensible
  • On-site support on the audit day
  • Findings tracked through to closure

FAQ

Frequently asked questions about Information Security

Are we affected by NIS2?
NIS2 covers companies with 50+ employees or EUR 10M+ revenue across 18 sectors, plus smaller businesses classified as critical. In the free initial assessment we clarify whether you are affected and what needs to be done.
How long does ISO 27001 certification take?
Depending on your starting point, typically four to nine months: from the gap analysis through building the ISMS to the external certification audit. We support every step until findings are closed.
What is an external information security officer (ISB) as a service?
You get an experienced information security officer as a managed service, without creating a full-time position. They run your ISMS, prepare audits and maintain ongoing compliance.
What does building an ISMS cost?
Costs depend on company size, scope and existing documentation. After a free initial assessment you receive a fixed quote rather than a flat rate.