Compliance

SECURITY MANAGEMENT CONSULTING

We accompany you on the way to your certification standard.

TISAX® and ISO 27001

To have your company certified, you need a functioning Information Security Management System (ISMS) that meets your needs. We support you in implementing the requirements for an ISMS in the certification process for DIN ISO/IEC 27001 as well as for the TISAX® label.

TISAX®

The TISAX® label in the automotive industry was derived from the international standard DIN ISO/IEC 27001 and specifies very concrete precautions and scopes for implementing information security in your company. In contrast to ISO 27001, TISAX® (short for Trusted Information Security Assessment Exchange) is an internationally acknowledged label that focuses on suppliers and therefore on supply chain security. Of the three protection goals of information security (confidentiality, integrity and availability), the availability of information is a particular focus here. Therefore, a Business Continuity Management System (BCMS) is increasingly in demand to be able to continue production in an emergency, for example. We support you both in the implementation of your BCMS and in the review of the protection and assessment objectives for the TISAX® label:
Contact us to secure your company!

DIN ISO/IEC 27001

The international standard DIN ISO/IEC 27001 supports companies in dealing with individual security risks and optimizing the establishment and further development of an Information Security Management System. This involves creating basic structures within the company and defining specific measures to ensure awareness, sensitivity, and security. A context analysis conducted by us helps to adapt the requirements to the individual needs of your company. For German companies, the BSI standards are considered in the process analysis, so our support can implement the information security measures in your company and thus enable compliance.

Preparing for regulatory requirements (NIS2/KRITIS Umbrella Law)

Cyber resilience is an essential goal, not only for your company but also for the legislator: especially for critical infrastructure organizations, there are processes that must be protected against failure due to cyber-attacks. As a European directive, NIS2 represents a tightening of standards: organizations of a certain size and companies in the supply chain and the public sector are affected by the regulations. We accompany you through the entire change process and never lose sight of your individual needs and your company’s compliance.

Companies with critical infrastructures have a particularly elevated risk and should therefore be specifically protected by the KRITIS Umbrella Act. Defined minimum standards for physical protection are intended to strengthen the resilience of the energy, transport and traffic, finance and insurance, health, drinking water, wastewater, municipal waste disposal, information technology and telecommunications, food, space, and public administration sectors. We work with you to analyze your potential risks and support you not only in implementing suitable risk management, but also in complying with all regulatory requirements in accordance with NIS2, the KRITIS Umbrella Law and the Federal Office for Information Security Act (BSIG). We offer, first, a technical review and, second, advice on optimizing critical infrastructures.

MORE INFORMATION?

Contact us for more information about our products and services.
