Services

Focused on information security.

One field, information security, in three clearly defined forms of collaboration in which I've been at home for over ten years.

01

ISO 27001 & Audits

I build the ISMS with you and prepare you for certification audits — separately or as one continuous project. From more than 100 audits for TÜV Süd I know both sides and what holds up in an audit. TISAX readiness for the automotive supply chain included.

My core task: to translate the standard's requirements into the language of management and IT. Internal audits and positioning assessments follow a clear audit plan: your contacts are tied up only as long as necessary, and a detailed checklist keeps every judgement traceable.

For technical implementation — penetration testing, network architecture, specialised implementation — I work with experienced specialists from my network. For you it remains one central point of contact.

What you concretely receive
  • ISMS gap analysis with a prioritised list of measures and a roadmap for the next steps
  • ISMS policy and guidelines (e.g. user and operational security)
  • Asset and risk register, tailored to your company's situation
  • Audit report with findings, a qualitative judgement and a management summary
  • Catalogue of concrete corrective measures
  • Focused workshops to work out individual areas of measures
Result: a certification-ready security level, aligned with the requirements of external certification audits.
Request a consultation →
02

NIS2 & Compliance

The regulatory wave is rolling: the NIS Act 2026 obligates an entire layer of mid-sized companies. I support you in meeting the requirements demonstrably — from applicability analysis through to audit preparation.

What you concretely receive
  • NIS Act 2026 applicability analysis, documented in writing as a basis for decisions
  • Gap analysis with a prioritised list of measures
  • Risk management and reporting processes, set up and documented
  • Liability briefing for management
  • Ongoing support and audit preparation
Result: demonstrable NIS Act 2026 conformity, documented for authority and audit.
Data protection (GDPR). Where data protection and information security overlap — for example in technical and organisational measures — I take GDPR requirements into account. Data protection is not a focus area, however: I do not offer individual legal advice or act as an external data protection officer.
To the NIS Act 2026 check & the three paths →
03

CISO Advisor & security sparring partner

Security responsibility lies — especially under NIS2 — with your management. I support you as an experienced sparring partner: with clear judgement, structured reviews and honest feedback. Responsibility stays with you; you have an engaged thinking partner alongside you. From my time as a board assistant and managing director, I know both languages: that of leadership and that of IT.

What you concretely receive
  • Regular reviews with IT leadership and management
  • Sparring on strategic security decisions
  • Structured roadmap and measures planning
  • Reviews of risks, incidents and audit preparation
Result: a reliable external counterpart who thinks with you — with responsibility staying clearly in your house.
Interim CISO as an exception. A genuine takeover of the CISO role (with its own responsibility) is foreseen only in deliberate, time-limited exceptional cases and is agreed separately.
References

Selected companies I have worked with.

Pollmann International
MediaPrint
sproof
HeiserTec
Vivid Planet
Enexsa
HSP Gruppe
Amium
Cloudunify

A selection from more than 100 audits and projects.

Which area fits you?

In an initial consultation we find out together — without obligation and concretely.
