Information Security Management

Information security management: The modular system for protection of sensitive data

Sensitive information is processed electronically to an increasing extent in every organisation and requires special protection. A reliable and permanently functioning information security management system (ISMS) is therefore becoming more essential. This forms the framework with which the information security of an organisation can be guaranteed through defined rules and methods. We support you in setting up an ISMS according to IT-Grundschutz (IT baseline protection) and ISO 27001.

All advantages for your information security management system at a glance


Competent and individual: With many years of experience, our IT security consultants, certified auditors and auditors support you in achieving your specific security goals.


Our "secuCheck" enables you to take the first, effortless step towards gaining a comprehensive overview of the current status of information security and supports you in taking further action.


Even if you already operate an ISMS based on earlier IT-Grundschutz catalogs, we will support you in migrating to the new BSI building block model


We enable certification according to ISO 27001 on the basis of IT-Grundschutz. With this recognized certificate, you can prove a functioning ISMS and thus have one of the most valuable security seals in Germany.


An ISMS can only function if employees are appropriately sensitized to information security. For this purpose, we also conduct trainings as well as events for your selected target groups.

10,000 consultant days in 5 years within the public sector

Details on beneficial aspects of the ISMS

Step 1 of 6
Step 1
Step 2 of 6
Step 2
Step 3 of 6
Step 3
Step 4 of 6
Step 4
Step 5 of 6
Step 5
Step 6 of 6
Step 6

ISO 27001 certifications based on IT baseline protection have a term of up to three years. After that, re-certification takes place. To ensure that you continue to be certified, we support you during the annual surveillance audits. For this purpose, we accompany you at an early stage in the planning and handling of changes in the certification network and support you in eliminating identified deficiencies.

In the fall of 2017, the BSI fundamentally modernized IT baseline protection. The previous IT baseline protection catalogs were converted to the new IT baseline protection compendium. The changes have been mandatory for certifications since September 2018. To ensure that your ISMS continues to be based on the latest standards, we provide comprehensive support for migration to the new building block model.

We also advise and support you in transferring the data from GSTOOL, the old database application for creating security concepts according to IT baseline protection, to the HiScout application. In addition, we offer training and support during the introduction of HiScout.

An ISMS can only function if employees are appropriately trained or sensitized to the topic of information security. To this end, we also conduct training courses and events for your selected target groups - whether for new or all employees, managers, administrators or IT specialists. In addition, we offer the conception and implementation of further awareness measures: Our tools range from awareness flyers and concepts to creative topic immersion and live hacking shows.

Security concepts are an essential basis for defining, prioritizing and implementing security requirements for systems or processes. Thus, they are a crucial part of an ISMS. Not only IT-based values are considered: A security concept sets security goals for an environment, which are derived from the risks and the protection needs of the information. We then develop appropriate measures to achieve these goals. A security concept can also cover only parts of the IT infrastructure.

We support you both in the creation of generalized security concepts for your entire IT landscape and in the development of system- or application-specific detailed concepts. The basis for this is the IT baseline protection methodology of the BSI.

Risk management
Awareness events
Live Hacking Shows
Contact request
Do you still have questions about information security management?
Do you still have questions about information security management?

Send us an inquiry via the contact form. We will be happy to help.

Site 1