Gap analysis
The first step towards the implementation of an ISO 27001 or TISAX®/VDA ISA-compliant ISMS is to assess the current status of information security at your company. To do so, we join with you – and relevant external partners if necessary – to determine which standardised requirements still need to be satisfied or improved. We use the findings as a basis to derive the activities and measures, along with the workload necessary for implementation.
The analysis method we use is consistently based on the requirements enshrined in the relevant standards.
Furthermore, the identified courses of action enable us to prepare an accurate quotation for the specific consultancy services your company needs.
Risk management
Systematic implementation of risk management is an essential component in preparing for certification. This begins by drafting a mutually agreed catalogue, which gives you a complete and structured list of all information security assets at your company, thereby establishing transparency. An assessment of protection requirements is then derived on this basis, which can be used to evaluate potential risks.
Cost-efficient, purposeful measures to minimise risks can then be determined and implemented. We can use our expertise to recommend meaningful measures and analyse their effectiveness.
ISMS documentation
Detailed and complete documentation (mandatory documents) must be prepared for the introduction and effective implementation of the ISMS. Included in this are all documents that describe the information security policies, the scope of the ISMS (statement of applicability, SoA), guidelines and procedures, as well as processes that focus on information security.
Furthermore, it is imperative to document the asset catalogue, the implementation methodology and the findings of the risk analysis and assessment, as well as the derived measures and their implementation. The document templates in our toolbox are efficient resources that help you to prepare good documents for your company that are also suitable for a planned certification.
Training
Qualifying the management, the relevant employees and the external partners involved at your company in all aspects of your ISMS is an extremely important aspect when preparing for certification assessment. Aside from teaching the meaning and purpose of an ISMS (awareness), this also includes the guidelines, procedures and process requirements that must be taken into consideration and implemented.
The qualifications are designed and carried out by our experienced instructors on the basis of the requirements set out in the standards and the topics addressed in your individual ISMS implementation plan. Our various training concepts use face-to-face classroom teaching, webinars or commercially available training programmes to impart the necessary skills.
Internal audit
Your ISMS must be sufficiently mature to successfully earn certification. An internal audit is necessary to determine maturity, which we perform with due adherence to all specifications and the underlying standards. This audit is like a “dress rehearsal” for the certification assessment.
The internal audit is conducted by our certified employees, who are experienced auditors, and covers all material aspects of a later external audit.
Certification support
Management needs to be actively involved in external audits, along with the appointed, competent staff member. Technical issues can be clarified and answered with the support of our consultant.
By adopting this approach, we act as the connecting link between your company and the accredited service provider during your certification assessment.
ISMS implementation support
Certification must become a living part of a company and cannot remain dry theory. In addition, the certificate is reviewed at regular intervals, and recertification is required after three years. To ensure enduring implementation of the ISMS at your company, all necessary activities in day-to-day business must be checked by competent employees and improved if necessary.
We are unbiased intermediaries and certified ISO 27001 Auditors or Professionals if you wish to assign these tasks outside the company. You will benefit from our professional qualifications and our soft skills from the roll-out of other management systems (e.g. ISO 9001) and change programmes.
Applying for government funding
Consultancy services for the implementation of information security management systems are eligible for government funding due to the significant importance of information security for organisations and companies throughout all sectors of the economy and society.
At present, the German government and its regional counterparts offer a variety of funding programmes. They may cover some of our consultancy costs, provided certain conditions are met. This also applies to our European neighbours, including Austria. Feel free to draw on our experience in applying for government funding.