• IT security actions: from risk analyse to employee super vision
  • ISO 27001 area in conflict to GDPR
  • Transparence rule: Your obligations of information and documentation
  • Cooperation rights works council: When they may and when they have to be integrated?
  • Access rights authorities: Which data has to be provided and which not
  • IT Security incidents and data protection incidents. These are your information obligations

We advise you beginning with the concept thru the implemantation and completion - if requested as project manager in your project management.

Information Security Sequence



Record of actual situation

  • Organisatorical and technical check of existing IT infrastructure
  • Verification of processes
  • Verification of IT security
  • Etc.


  • Based on ISO 27000 program and parts of German BSI base protection recommendation
  • Of the general security level
  • Existing Infrastructure
  • Legal demands like data protection)
  • Etc.

Consulting and presentation

  • Report hand over
  • Discussion of security standards of your business based on the documentation
  • Risc analyse
  • Recommendations for actions
  • Etc.




The execution of actions is oriented on your priorisation based on budget and risk analyse such as


  • Emergency provision
  • Working with external IT provider
  • System recovery times


  • Administrator accounts
  • Network access
  • VPN and WLAN encryption
  • Authentification
  • Content security: web filter, spam filter


  • Protection of malware
  • User access management
  • Mobile device management
  • Passwords and encryption
  • Infrastructure securityand access control
  • Server room


  • Impact of IT black out
  • Administration
  • Security policies




Regular inspection of realized actions in place and its acceptance

In dependance of your specification we drive a gradual (or fast paced) development to the succesful conditon for reaching ISO 27001 certification in a continuous PDCA cycle.


Yes, we do also have references - and not only just a few. They are very clear - positive for us. But how to get publishing in accordance with data privacy and integrity. It is possible - but only with heavy obligations. Therefore we decided not to publish here. In case of collaboration we may present in a face to face conversation if you want to.