Consulting and Coaching

Implementing an Information Security Management System (ISMS) in accordance with ISO 27001 requires, above all, experience. We offer this experience, which we have gained both through successfully completed projects and through a large number of completed certification audits. Data protection is an integrated part of this process.

Every organization works differently. Different cultures, decision-making processes, structures, business processes, etc. lead to different needs and requirements for information security. Consequently, every management system must be implemented within the organization in an adequate, focused and, most importantly, careful manner. For that, practical experience is of utmost importance.

Depending on the client, we offer either a straight consulting service or a coaching service. Following a situation analysis, the consulting approach provides the basic information, methodology, documents, technical consulting and training in accordance with the needs of the organization. The coaching approach is based on the joint development of the management system, the methodologies, the technology to be used and the related documents. This leads to the required processes and to continuously increasing knowledge, which allows the organization to develop further documents and procedures and to operate the management system independently.

We accompany our clients until the certification audit and, if desired, also through the audit itself, thus ensuring successful certification.

Are you missing the "IT Security" topic?

IT security is a very critical element of the overall information security topic, but it is important to understand that IT security covers only a part of the subject, albeit a significant one. Organizational, personnel, physical, operational and legal security are examples of other areas that are no less critical within the ISO 27001 framework. You can have perfect IT security measures in place, but if you are not legally compliant, or an employee misplaces critical documents in public that were not supposed to be there, IT cannot help. Therefore, only a unified approach can help.