IT Risk Management

IT risk analyses can be carried out in different ways. The goal is always to create transparency in the first step and then to derive recommendations for action and concrete measures from a risk assessment. In this way risks can be avoided, mitigated, transferred or accepted. In most companies, IT in particular deserves attention, not only because of legal regulations or compliance guidelines but because weaknesses in IT can have company-wide consequences.

Successful IT Risk Management

  • Detects, analyzes, evaluates and monitors IT risks on an ongoing basis
  • Develops measures and contingency plans
  • Establishes an ISMS (Information Security Management System) as well as IT governance
  • Ensures comprehensive IT security management

Your challenge

IT systems, and larger IT environments in particular, are complex and can therefore be fault-prone. There are many risk scenarios that pose great risks for a company. A further challenge lies in communicating the IT risks, and the measures needed to avoid them, to management, since management and IT usually speak different languages. This is exactly where our IT risk management comes in. Our ISO-certified methodology acts as an interpreter between IT and management, creating transparency and a common basis for decision-making by evaluating risks on the basis of corporate key figures.

Our standardized procedure, based on ISO 27001

Phase 1
  Management commitment and definition of threat classes for further evaluation

Phase 2: Identification of damage potential
  Structured analysis of departmental requirements for the IT systems

Phase 3: Identify IT risks
  Overview of the impacts and costs

Phase 4: Evaluation and controlling
  Custom-fit definition of measures to achieve the goal

Phase 5
  Quick identification of changes and short reaction time

Our offer

Our many years of project experience and technical knowledge enable us to support you in assessing your IT architecture, IT organization and your IT processes. Our offer ranges from initialization to sustainable and comprehensive IT risk management as a managed service. You decide which support you need. We will provide you with the appropriate basis.

Your Benefits

  • Identification, analysis and evaluation of IT risks incl. business impact analysis (BIA)
  • Definition of risk acceptance thresholds
  • Definition of recommended actions for target deviations
  • Effectiveness and efficiency analysis of measures
  • Intelligent addressing of different compliance requirements
  • Business continuity management – detailed information on how to act in emergencies
  • Service level management – detailed information to ensure adequate quality of purchased services
  • Integration of IT risk management into enterprise risk management (ERM)

Risk management can be booked in individual packages:

CFO Package: Definition of Risk Policy
  • Interviews:
    ✓ With department heads
    ✓ Analysis of IT requirements
  • Result: Identification of damage

CIO Package: Definition of Scope
  • Interviews:
    ✓ With IT heads / staff
    ✓ Analysis of the IT infrastructure
  • Result: Presentation of state-of-the-art gaps

Risk Manager Package
  • Requirement: Completion of the CFO and CIO packages
    ✓ Implementation of a hazard and risk analysis
    ✓ Preparation of a risk minimization action plan
    ✓ Implementation of an IT risk management process

Managed Service Package
  • Requirement: Implementation of the Risk Manager Package
    ✓ Monitoring of the RM process with a focus on information security
    ✓ Planning and coordination of awareness measures
    ✓ Support of IS incident management

**over a term of 12 months (minimum term) plus one-time flat rate
***over a term of 12 months (minimum term)

Contact: Florian Suckfüll