We provide you with content and methodical support in the preparation of security policies and your security strategy, in drafting suitable concepts and an adequate architecture. Our consultants deliver an optimized contribution to your business strategy and make certain that it complies with the applicable legal or regulatory requirements. Besides profound expertise and our experience of projects in a broad variety of organizations, we offer assistance in the form of methods and templates. Our modular support services assist you in the definition, implementation and monitoring of your security strategy. To do this, we team up to develop a suitable information security management system that guarantees sustainability and a long-term contribution to your strategy.

Security concept

A security concept describes the necessary protection measures with due consideration of the specific needs. Our specialists draft a suitable security concept for your organization or project. The methods applied to creating this security concept are based on the ISO/IEC 27005 standard and are entirely consistent with project management methods such as HERMES or PRINCE2. The security concept addresses the following aspects:

  • Description of the object requiring protection
  • Assessment of the security needs
  • Analysis of potential threat and damage scenarios
  • Assessment of the likelihood of occurrence and the extent of damage (risk analysis)
  • Determination and description of the security requirements and the corresponding action plan to satisfy the security needs
  • Identification of any residual risks

Information security management system

Achieving and maintaining a defined security level requires a systematic approach. We help you to establish, enhance and optimize a needs-based information security, data protection or data security management system. Our security specialists are certified as ISO27001 lead auditors and contribute practical experience from a wide range of industries and organizations. Our support can extend to the following areas:

  • Establishment and roll-out of a management system for data protection or information security
  • Development or revision of policies and instructions
  • Definition of roles and responsibilities
  • Creation of processes and procedures to maintain security
  • Preparation and support for certifications
  • Status quo of the current management system
  • Evaluation and implementation of supporting software

Policies and requirements

Policies and requirements provide a foundation on which to build security-relevant aspects of an organization, while ensuring compliance with upstream regulations. Our specialists support you in the development or revision of internal instructions, policies and requirements. This assistance extends from upstream instructions through to technical policies (e.g. system hardening).


Based on our model for strategy development, we develop a tailored cyber and information security as well as data privacy policy and matching strategy together with your key persons:

  • Management awareness
  • Definition of principles and objectives
  • Governance instruments
  • Performance indicators and benchmarking
  • Action plans and a roadmap

Business continuity management (BCM)

Critical business processes need to be available, even in crisis situations. We help you to establish and maintain business continuity management and the necessary tools:

  • Business impact analysis (BIA)
  • Development of BCM concepts
  • Development of recovery plans and tools
  • Implementation and regular tests