Skip to main content

IT Security Standards & Compliance

Expertise in leading security standards and regulatory requirements. From NIS2 and KRITIS to ISO 27001 – we get you safely to compliance.

NIS2

EU cybersecurity directive

The NIS2 Directive significantly expands the range of affected organisations. In force since 6. Dezember 2025, many organisations must implement comprehensive cybersecurity measures and demonstrate them on an ongoing basis.

Your benefits

  • Legally sound compliance without delay
  • Avoidance of heavy penalties (up to €10 million or 2% of revenue)
  • Improved cyber resilience

Our services

Comprehensive support with implementation

  • 1 NIS2 gap analysis and applicability assessment
  • 2 Risk management and security measures
  • 3 Supply chain security
  • 4 Incident response and reporting obligations (24h)
  • 5 Governance and management responsibility
  • 6 Documentation and evidence

KRITIS

Critical infrastructures

Operators of critical infrastructures are subject to special obligations to protect their IT systems. We support you in meeting all KRITIS requirements.

Your benefits

  • Legally sound compliance
  • Protection of critical supply
  • Avoidance of fines

Our services

Comprehensive support with implementation

  • 1 KRITIS identification and threshold determination
  • 2 Implementation of the IT Security Act (IT-SiG)
  • 3 BSI reporting obligations and incident response
  • 4 Industry-specific security standards (B3S)
  • 5 Organisational and technical measures
  • 6 Two-year audits and evidence

IT-Grundschutz

BSI methodology

The BSI IT-Grundschutz is the leading methodology for information security in Germany. It is the standard especially in the public sector and for KRITIS operators.

Your benefits

  • Proven methodology with high acceptance
  • Can be combined with ISO 27001
  • Suitable for public-sector clients

Our services

Comprehensive support with implementation

  • 1 IT-Grundschutz analysis and modelling
  • 2 Basic protection and core protection
  • 3 Standard and IT-Grundschutz check
  • 4 Implementation of the IT-Grundschutz modules
  • 5 Risk analysis for high protection needs
  • 6 ISO 27001 based on IT-Grundschutz

Grundschutz++

Modern compliance management

Grundschutz++ is our modern compliance management system that takes BSI IT-Grundschutz further. 998 requirements across 20 thematic practices, interactive migration support from the 2023 Compendium and a powerful explorer for structured security analysis.

Your benefits

  • More modern, practice-oriented structure than the Compendium
  • Seamless migration from existing IT-Grundschutz
  • Full data sovereignty through self-hosting

Our services

Comprehensive support with implementation

  • 1 998 requirements across 20 thematic practices
  • 2 Interactive migration path from the BSI Compendium 2023
  • 3 7-dimensional explorer with statistics dashboard
  • 4 Thematic cross-reference to 111 BSI modules
  • 5 Multi-tenant compliance checks with document management
  • 6 Self-hosted with automatic BSI data sync

ISO 27001

International ISMS standard

ISO/IEC 27001 is the world's leading standard for information security management systems (ISMS). Certification demonstrates systematic information security and builds trust with clients and partners.

Your benefits

  • Internationally recognised certification
  • Competitive advantage and trust building
  • Systematic risk management

Our services

Comprehensive support with implementation

  • 1 ISMS setup to ISO/IEC 27001:2022
  • 2 Gap analysis and roadmap development
  • 3 Risk assessment and treatment
  • 4 Implementation of Annex A controls
  • 5 Internal audits and management review
  • 6 Preparation for certification

Which standard is right for you?

The right standard depends on your industry, size and regulatory requirements. We are happy to advise you with no obligation.

Arrange a free initial consultation

Ready for stronger security?

Let us develop your IT security strategy together. Free initial consultation and a no-obligation introductory call.