Information security consultancy (ISMS)

We create information security that works day in, day out.

Information security isn’t just about technology. It exists wherever people, processes and responsibility come together: Who is allowed to do what? Which items are critical? How do we handle risks? And what happens if there’s an incident? With our information security advice, we can help you put together and develop an information security structure that is practical and appropriate for small and medium-sized enterprises. As part of that process, we are guided by tried-and-tested methodologies (such as the ISMS framework), without creating unnecessary red tape. Our aim is to create a security framework that is right for your company and will help you develop your IT and cloud-based systems (on-prem, hybrid or cloud-first).

Digitalising small & medium-sized enterprises

Your information security is our focus – our end-to-end advice makes sure all aspects are covered

Many companies have already implemented stand-alone security measures. But a unifying framework – with clear rules, responsibilities and a documented approach towards risk handling – is often missing. That’s precisely where our information security advice comes in.

We make sure that information security is not simply left to chance, but can be reliably controlled – in the form of clear responsibilities, comprehensible guidelines and a procedure that is realistic, even when resources are limited.

Scope of services

Information security consultancy – our services at a glance

ISMS-oriented development & control

We can help you put together a lean and efficient security system: targets, scope, responsibilities and a procedure that consistently manages risks and measures and reflects the size and the degree of maturity of your company.

Guidelines, standards & processes

Together, we will develop comprehensible everyday rules (for items such as passwords/MFA, devices/remote working and data sharing). We will also define standards and procedures to uphold operational security in areas such as updates/patch management, backup & recovery and logging. This creates a set of clear parameters that can serve as a guide for IT and service-providers during implementation.

Roles & responsibilities

Information security requires clear responsibilities. We will define roles and interfaces (IT, specialist departments, management, external service providers) and create simple decision pathways – so that measures are not simply left aside.

Awareness & security culture

Technology alone cannot protect you from phishing, malpractice or misconduct. We will develop awareness components that reflect your everyday activities: if desired, these can include an effectiveness check that simulates attacks, such as phishing messages sent for test purposes. This will reveal how effective the human component of your IT security system is on a day-to-day basis and which specific areas need to be tightened up.

Risk management & scheduling measures

We can help you put in place the protections you need, carry out risk assessments and identify measures that make sense. So that you can justify your investments, we identify priorities in a pragmatic way: what will be most effective and which items can be postponed until later?

Emergency & incident management

When something happens, structure is the key. We will define reporting channels, roles, communication protocols and urgent actions that must be taken immediately. That way, you will still be able to take action when a serious incident occurs and decisions can be made more quickly.

Innovating. Transforming. Succeeding

Here’s what our information security consultancy looks like

Approach & vision

We will define the objectives and scope of activity and agree which persons to contact. At the same time, we will work with you to form a shared image of the current situation: roles, responsibilities and the rules already in place.

Analysing the current situation on an organisational level

We will rigorously examine what is already in place and where any gaps exist, such as in guidelines, processes, awareness and risk handling.

Conception & action plan

We will develop or revise rules, role concepts and processes and identify specific actions on that basis. We will then work together to prioritise these according to effectiveness and cost, so that the next steps can be planned in a realistic way.

Introduction & embedding into everyday activities

We support communications and awareness measures and manage the handover of the agreed actions into day-to-day operations. We provide master templates and checklists, making information security manageable and embedding compliance for the long term.

What you will get at the end

So that you can make well-founded decisions and plan implementation in a targeted way, you will receive the following documents and outcomes:

  • A roles & responsibilities model
  • Guidelines & a set of rules
  • A risk audit including assessment, prioritisation & recommended actions
  • An action plan containing quick wins and realistic next steps
  • An awareness plan (formats, content, intervals and responsibilities)
  • Incident & emergency procedures (reporting channels, communication protocols, and immediate actions)

Information security for your unitop environment

When implementing and operating unitop, we take a holistic look at information security right from the start by considering roles, access rights, responsibilities and operating processes. As unitop is based upon Microsoft Dynamics 365 Business Central, tried-and-tested security mechanisms can be combined with Microsoft 365 and Azure in a targeted way – providing a stable and clearly defined security structure for your business-critical processes.

Contact

Requesting information security consultancy – Your contact

Are you looking to develop an information security structure – with clear rules, defined responsibilities and a viable action plan? We’ll be pleased to advise you.