Services

Structured advisory services for corporate security, ISMS and resilience.

Physical Security & Zoning Models

Site analysis, security zone development and protection concepts — from perimeter to high-security areas.

Concrete Deliverables:

  • Security zone book with zone definitions
  • Threat and vulnerability analysis per zone
  • Treatment plan with prioritization and budget
  • Requirements catalog for security technology (IDS, FAS, CCTV, ACS)
  • Photo documentation with findings protocol

Norms & Standards:

ISO 27001 A.7, DIN EN 1627–1630, DIN EN 50131, VdS 2311, CPTED

Typical Scope:

2–4 weeks per site

ISMS / ISO 27001 & Risk Management

Building, optimizing and auditing information security management systems according to ISO 27001 — including risk analysis and treatment planning.

Concrete Deliverables:

  • Gap analysis against ISO 27001:2022
  • Risk analysis per ISO 27005 with risk matrix
  • Statement of Applicability (SoA)
  • ISMS documentation (policies, processes, procedures)
  • Internal audit execution and management review

Norms & Standards:

ISO 27001:2022, ISO 27002:2022, ISO 27005:2022, BSI IT-Grundschutz

Typical Scope:

3–6 months (setup), 1–2 weeks (audit)

NIS2 Readiness & Governance

Gap analysis, implementation planning and governance structures for the NIS2 directive and critical infrastructure requirements.

Concrete Deliverables:

  • NIS2 applicability assessment (essential / important)
  • Gap analysis against NIS2 requirements
  • Implementation roadmap with prioritization
  • Governance structure and reporting processes
  • Training concept for management bodies (Art. 20)

Norms & Standards:

NIS2 (EU 2022/2555), KRITIS regulation, BSI-KritisV, IT-SiG 2.0

Typical Scope:

4–8 weeks (gap + roadmap)

Hybrid Threat Assessments

Integrated threat analysis across physical, digital and organizational attack vectors — for a complete situational picture.

Concrete Deliverables:

  • Threat catalog (physical + cyber + organizational)
  • Probability × Impact assessment per threat
  • 5×5 risk matrix with recommendations
  • Scenario analysis for critical threats
  • Cross-domain treatment plan

Norms & Standards:

ISO 27005, BSI Elem. Threats, ENISA TL, MITRE ATT&CK

Typical Scope:

2–4 weeks

BCM / Resilience & Crisis Preparedness

Business continuity management, emergency planning and crisis exercises — keeping your organization operational when it matters most.

Concrete Deliverables:

  • Business Impact Analysis (BIA)
  • Business Continuity Plans (BCP)
  • Crisis organization and escalation chain
  • Emergency exercises (tabletop & functional)
  • Lessons learned and continuous improvement

Norms & Standards:

ISO 22301:2019, BSI 200-4, BCI GPG

Typical Scope:

4–8 weeks (setup), 1–2 days (exercise)

Specialized Security Advisory

Advisory for personnel and physical classified information protection, optimization of existing security concepts and security innovation management.

Concrete Deliverables:

  • Classified information advisory (personnel & material)
  • Security concept review and optimization
  • Security innovation roadmap
  • Sector-specific compliance check
  • Training and awareness programs

Norms & Standards:

SÜG, VS-Anweisung, NATO SecPol, B3S

Typical Scope:

Individual