Information Security Management as a Service

IT risk analyses can be carried out in different ways. The goal is always to create transparency first and then to derive recommendations for action and measures based on a risk assessment. In this way, risks can be avoided, mitigated, transferred or accepted. In most companies, IT deserves particular attention, not only because of legal regulations or compliance guidelines, but because weaknesses in IT can have company-wide consequences.

Your challenge

  • Large, complex, sometimes confusing IT landscapes give rise to numerous risk scenarios
  • Growing external requirements (ISO27001, EU GDPR etc.)
  • Attention to all necessary IT security aspects in current projects
  • Evaluation of the criticality of individual IT systems for the business

Successful IT Risk Management

  • Detects, analyzes, evaluates and monitors IT risks on an ongoing basis
  • Develops measures and contingency plans
  • Establishes an ISMS (Information Security Management System) as well as IT governance
  • Ensures comprehensive IT security management

Our offer

ISM as a Service

Managed service for setting up and supporting the Information Security Management System

  • Development of a company-wide information security management system
  • Updating the catalogs in case of changing standards
  • Planning and documentation of ongoing activities
  • Quarterly Risk Management Forum including coordination and documentation
  • Always up-to-date, company-wide information security management
  • Model of the actual situation
  • GAP analysis and action plan to reduce risks
  • Basis for ISO27001 certification
  • Basis for compliance with the GDPR

2,250 € / Month*

ISM as a Service incl. RM

Managed service for setting up and supporting the Information Security Management System and Risk Manager

In addition to all benefits of the ISMS service package, you will receive the following benefits:

  • Risk manager as an organizational role
  • Detecting security gaps, planning defense strategies and documenting measures and development
  • Monthly reports for the management
  • Monthly status appointments for controlling the ongoing measures

In addition to the results of the ISMS package, you get the following results:

  • Secure and sustainable ISMS process
  • Organizational role of the risk manager is filled
  • Insurance against damage from security gaps **

4,200 € / Month*

ADD-ON DSMS

Data Security Management System for compliance with the requirements of the GDPR as an extension to the ISMS

  • Development of a data protection management system
  • List of all affected groups
  • List of all processing activities according to Art. 30 GDPR
  • Updating the catalogs in case of changing standards
  • Planning and documentation of ongoing activities
  • Close coordination with the risk manager
  • Always up-to-date, company-wide data security management
  • GAP analysis and action plan to comply with the GDPR
  • Automated reports for inquiries from affected people and deletion requests
  • Insurance against damages for violations of the GDPR ***

1,350 € / Month*

CISO Managed Service

Managed service for the sustainable planning and support of the security strategy in the enterprise at management level

  • IT security consulting at management level
  • Definition, ongoing adaptation and implementation of the IT security strategy
  • Supervision of the ISMS and development of protection goals for mission-critical values
  • Planning and coordination of audits and awareness measures

In addition to the results of the ISMS package, you get the following results:

  • Independent interface between management, departments, IT and data protection
  • Established process for defining and observing the security strategy
  • Sustainable security awareness in management and across all departments

2,400 € / Month*

*   Minimum contract period 24 months
**  In case of damage due to violation of ISO27001, up to damages of 1.5 million €
*** In case of damage due to violation of the GDPR, up to damages of 1.5 million €

Our standardized procedure according to ISO27001

Our ISO-certified methodology acts as an interpreter between IT and management, creating transparency and a common basis for decision-making through the evaluation of risks based on corporate key figures.

Initialization

Identification of damage potential

Identify IT risks

Evaluation and controlling

Monitoring