Information security and Data protection

Information (including personally identifiable information) and information processing systems are critical to achieving most, if not all, of a company's objectives. However, information exists in many forms. It can be printed or written on paper, stored electronically, sent by post or transmitted electronically, shown in films or presentations, or conveyed verbally in discussions. Information must therefore be adequately protected, regardless of how it is transmitted, shared or stored.

The term "information security" comprises all processes in an enterprise that are established and maintained to protect information, PII and the related corporate values. These may be technical or organizational in nature.

In this area, we offer a number of services:

It is important to note, however, that consulting services and the conduct of formal (certification) audits are mutually exclusive. This means that our company can either serve as the official auditor within a formal certification process or provide supporting services through consulting, coaching, workshops or training. This separation avoids potential conflicts of interest, which could influence certification recommendations.

"SECURING INFORMATION IS OUR CONCERN BUT YOUR RESPONSIBILITY!"

Audits

By audits, we mean external, independent audits that we carry out either as an official ISO 27001 certification audit on behalf of BSI (British Standards Institution) or as an external audit to determine the status of companies on the way to certification (so-called ‘2nd party audits’).

ISO 27001 certification audits

Our certified ISO 27001 audits are carried out by experienced lead auditors and guarantee a reliable review of your information security processes. The process includes planning, implementation and final certification, which is valid for three years. You benefit from one contact person for the entire process, which ensures optimal support.

Independent, external audits

In addition to certification audits, we also offer independent audits that serve as a ‘simulation’ of a formal audit. These audits help you to assess the current status of your information security and identify potential weaknesses before a formal certification audit is carried out.

Consulting and Coaching

Customised support for sustainable information security

Introduction of information security management systems (ISMS)

Implementing an ISMS in accordance with ISO 27001 requires extensive experience and specific expertise. We offer you both consulting and coaching approaches to successfully introduce this management system in your company. Our aim is to optimally prepare your company for certification and to effectively implement the necessary processes.

Support until certification

We guide you through the entire certification process - from the initial needs analysis to successful certification. Our coaching approach ensures that your team acquires the necessary knowledge and can further develop the processes independently.

Pre-audits and Gap-Analysis

As a separate service area, we offer independent pre-audits or so-called ‘gap analyses’. By a pre-audit, we mean an external audit in a company before, for example, a main audit is carried out by a certification company. This can also be compared to a practice run.

A gap analysis should be carried out before a pre-audit during the introduction phase of a management system or various standard implementations. The purpose of this analysis is to recognise and highlight significant deviations from the requirements of the standards. This enables the team responsible for implementing the requirements to react to missing elements in good time and also avoid misinterpretations of the standards.

Speeches, Workshops and Trainings

Practical experience and knowledge of methodology and implementation are the keys to rapid and satisfactory success. Lectures, workshops and individual training courses held by us have already contributed to this in the past. We would also be happy to put together a suitable programme for you.

In addition, we also offer formal ISO 27001 training courses (Auditor, Lead Auditor, Implementer, etc.) via our training partner (British Standards Institution). These training courses are accredited by the IRCA. If you are interested, please contact us. 

Experience, partners and reference projects

Our expertise ranges from small companies to multi-national corporations. This broad experience enables us to develop and implement industry-specific solutions.

We have completed numerous successful projects in which companies have benefited from our comprehensive advice and audits. Our reference projects show the diversity of our work and the successes we have achieved together with our customers:

BSI - British Standards Institution

ISO 27001, ISO 20000 and WLA-SCS certification audits worldwide

QLot Consulting, Sweden

Consulting project for an ISO 27001 certification of a client

World Lottery Association (WLA)

Information security - Coaching project

Bavarian Central Authority, Munich

Information security Coaching project, Workshops, Trainings, ...

Hospital network

Germany - Information security audit in connection with IPW standards

WLA-SCS

Standard development, Guidance documents, Speeches, Workshops,

… as well as further projects and clients