Compliance & Risk Management

Risk management helps in the continuous identification of risks, their systematic assessment and processing, as well as in the transparent and comprehensive communication of residual risks. We join with you to define or optimize your risk management processes, including the following areas:

• Establishment or optimization of risk management
• Definition of processes for the identification, assessment, processing and communication of risks
• Preparation of risk analyses for projects or organizations
• Methodical and content support or the organization of workshops for risk identification and assessment
• Handling of risk management activities

The ICT Minimum Standard is a comprehensive framework for protecting your organization against cyber risks.

We support you in determining the maturity level of your organization. By assessing the status quo in the regard to the ICT Minimum Standard, we evaluate whether you are already compliant or vulnerabilities continue to exist. If the latter applies, we develop a pragmatic action plan that equips you to establish a security process within your organization and hence to comply with the ICT Minimum Standard in the long term.

More Information

We provide comprehensive support for the responsible and secure use of Artificial Intelligence. Through structured assessments, for example, based on ISO 42001, we analyze your existing processes, roles, and controls related to AI. We then identify where risks, optimization potential, or regulatory requirements exist. You receive an independent assessment and concrete, practical recommendations.

Beyond organizational and strategic aspects, we also offer technical consulting – for example, with an GenAI Red Teaming. Whether in the early planning phase or during the further development of existing systems, we guide you on your path to trustworthy and secure AI utilization.

Our security specialists review the fulfillment of legal and regulatory requirements within the framework of the compliance assessment. Structured as a gap analysis, you receive an independent assessment of current implementation levels, as well as a set of recommendations to ensure compliance.

We will gladly support you in the assessment of requirements defined by relevant laws or regulations and collaborate with your specialists to ensure an optimized structure. This is how we lay the foundations for effective and efficient implementation.

Where necessary, our security specialists translate the requirements into the current information security management system or establish a suitable policy.

ISO/IEC 27001 is the world's leading standard for the certification of information security management systems (ISMS).

We are happy to assist you in assessing your organization's maturity level. Through a review, we evaluate whether you already comply with the ISO/IEC 27001 standard or if there are still weaknesses. For the latter, we develop a pragmatic implementation plan that allows you to establish a security process within your organization, thereby ensuring long-term compliance with the ISO/IEC 27001 standard and optimally preparing for certification.

More Information

We support you in the development and certification of data protection and information security management systems according to other standards, such as ISO/IEC 27701, EPDG, VDSZ, and GoodPriv@cy:2018. We ensure optimal preparation for the upcoming certification and accompany the audits through to successful certification.