Overview

Our consulting services are always based on excellent know-how and are delivered with very high professional quality. Through our interdisciplinary knowledge, we always pursue a holistic approach. In doing so, we rely on proven methods and concepts and optionally support them with suitable software. In this way, we achieve a sustainable and economical approach, from the situation analysis to the conception and realization of optimization potential.

  • profound expertise and high quality
  • holistic approach
  • interdisciplinary knowledge
  • optional software support
  • proven models and concepts
  • training and qualification

Competences

In our consulting, we specialize in the topics of Information Security Management (ISMS) and Governance, Risk and Compliance (GRC).

  • ISMS according to ISO 27001/2
  • external ISB / CISO
  • audits and assessments of IT-Security

Consulting on ISMS covers the effective and efficient introduction and further development of the Information Security Management System (ISMS) according to common standards such as ISO 27001/2. In addition, we support external (deputy) Information Security Officers (ISO), audits and assessments of IT-Security and, of course, accompany the sustainable roll-out of suitable software such as ibi systems iris.

Consulting on GRC covers the sustainable development of an internal control system, the implementation of data protection requirements and the design of risk management according to current requirements. Optionally, we also support the introduction of suitable software such as ibi systems iris.

  • ICS: PS 951 / ISAE 3402
  • data protection: BDSG / EU GDPR
  • OpRisk management: Basel II / III

Our approach

Interdisciplinary knowledge as a guarantee for success

Our business and IT consulting is based on consistently realizing the optimization potential of complex business processes. Thanks to the optional software support for our consulting services, we are able to exploit this potential in a unique manner while considering your specific needs.

Conception in teamwork

After a jointly held kick-off workshop, the consulting assignment and the optimization purpose are specified in close collaboration with the customer. At this stage, our interdisciplinary team develops a customized solution together with the customer.

Transparent consulting

We ensure consistently transparent consulting through on-site consulting and a holistic consulting concept. This way, our customers have constant insight into the progress of their projects and can give feedback at any time.

High satisfaction through periodic status reports

We arrange regular status meetings with our customers to inform them about the latest status of the project.

Intensive support even after the consulting services

We strive for successful cooperation in the long term. With our extensive knowledge in the fields of governance, risk and compliance, security, business continuity and audit management, we remain available as a point of contact even after the conclusion of a consulting project.

Project examples

For over 5 years we have stood for successful project realization and have sustainably ensured the success of our customers. This is impressively documented by our long-standing business relationships and successful projects with well-known companies from a wide variety of industries. Here is a small selection of these projects:

ICS - software-supported ICS according to PS 951 / ISAE 3402

Customer: Bank, Munich
Topic: ICS – PS 951 / ISAE 3402
Tasks: conception, software support, project support

Starting position and objective

  • Alignment of the process and control objectives according to the international framework COBIT 5
  • Transferring the existing ICS into a software-supported approach with systematic assessments to control and avoid risks

Procedure and solution

  • Support in creating concrete assessment points from COBIT 5 templates
  • Ensuring the multiple use of these assessment points in different assessments (for example, in parallel assessments with different assessment objects)
  • Definition of standardized questionnaires for individual topics (e.g., event management, authorization management, etc.)
  • Ensuring that all relevant and risky IT core processes are taken into account by means of standardized questionnaires
  • Connection of the adjusted assessment points with the process or control objectives of the COBIT 5 standard (thereby: simplified coordination of the assessment contents with the customer's service providers)

Information security - management of requests / exceptions

Customer: Automotive group, Wolfsburg
Topic: Management of IT-Security requests / exceptions
Tasks: conception, implementation, introduction

Starting position and objective

  • Management of exceptions by defined rules for certain business processes (e.g., sales request to release the USB port)
  • Ensuring consistent decisions

Procedure and solution

  • Development of a system for the management of requests
  • Recommendation to reject or approve requests based on historical decisions

Operational Risk Management according to Basel II

Customer: Bank, Munich
Topic: Basel II (OpRisk) – recording, calculation and reporting
Tasks: Adaptation (interfaces), introduction and operation of the software “ibi systems iris”

Starting position and objective

  • Replacement of the Excel-based recording and calculation of all operational risks by means of a suitable software solution
  • Connection of the existing loss database
  • Illustration of the updated organizational and process structure
  • Automated international group reporting according to Basel II

Procedure and solution

  • Introduction of the “ibi systems iris” software including recording and integration of the organizational and process structure as well as connection of the existing loss database
  • Extension/programming of individual reports for the automatic international group reporting according to Basel II
  • Support for matching all relevant data
  • Fulfillment of requirements for OpRisk data regarding historicization
  • Ongoing determination of data quality (providers, processes, assets) and coordination of necessary corrections

Information security - business impact analysis and risk assessments

Customer: Media group, Luxembourg
Topic: ISMS – BIA, self-assessments, risk assessment
Tasks: Customizing and introduction of the software “ibi systems iris”

Starting position and objective

  • Replacement of Excel-based recording and evaluation of assets, deviations, risks and measures
  • Providing a software solution to assist in performing assessments (regarding the ISMS)
  • Global centralized data management to improve data quality and consistency
  • Reduction of the high costs previously incurred for external consultants

Procedure and solution

  • Introduction of the “ibi systems iris” software including recording and integration of the organizational and process structure
  • Transfer of historical inventory data (assets, risks, measures) from the previous ISMS cycles
  • Extension/adaptation of the software to customer-specific requirements
  • Creation of reports and export options so that data collected in “ibi systems iris” can be transferred to the “old world” to improve acceptance (e.g., use of existing Excel macros for risk aggregation)

Information security - ISMS according to ISO 27001/2

Customer: Service company, Gütersloh
Topic: ISMS – BIA, self-assessments, risk assessment
Tasks: Customizing and introduction of the software “ibi systems iris”

Starting position and objective

  • Replacement of Excel-based recording and evaluation of assets, deviations, risks and measures
  • Providing a software solution for the holistic support of the ISMS
  • Worldwide deployment and centralized data management to improve data quality and consistency

Procedure and solution

  • Introduction of the “ibi systems iris” software including recording and integration of the organizational and process structure
  • Transfer of historical inventory data (assets, risks, measures) from the previous ISMS cycles
  • Extension/adaptation of the software to customer-specific requirements
  • Creation of reports and export options so that data collected in “ibi systems iris” can be transferred to the “old world” to improve acceptance (e.g., use of existing Excel macros for risk aggregation)

Information security - management according to VDA/ISA

Customer: Producing company, Nuremberg
Topic: VDA/ISA self-assessments, risk management
Tasks: Customizing and introduction of the software “ibi systems iris”

Starting position and objective

  • Replacement of an existing software solution (Verinice)
  • Worldwide use through local ISOs
  • Establishment of a central repository for VDA self-assessments of all Group units
  • Establishment of a system-supported risk management

Procedure and solution

  • Introduction of the software “ibi systems iris” including recording and integration of the organizational and process structure
  • Data transfer of all previous VDA-ISA assessments since 2011
  • Provision of a VDA-ISA template for self-assessments
  • Creation of an individual report for the evaluation of self-assessments
  • Training on the design of risk management in “ibi systems iris”

Information security - development of an ISMS incl. support of the certification according to ISO 27001

Customer: Energy supplier, Regensburg
Topic: Certification according to the IT security catalog for energy suppliers (ISO 27001 and 27019)
Tasks: Project support, implementation of an information security management system based on the software “ibi systems iris”, certification support

Starting position and objective

  • Introduction of an ISMS based on the IT security catalog published by the Federal Network Agency and its certification in accordance with ISO 27001 by 31 January 2018
  • Ensuring adequate protection against threats to telecommunications and electronic data processing systems necessary for secure network operation

Procedure and solution

  • Introduction of the “ibi systems iris” software including recording and filing of the organizational and asset/process structure
  • Workshops and training sessions to establish the requirements of the standard, implement measures and prepare documentation
  • Mapping and continuous improvement of the ISMS using the “ibi systems iris” software
  • Implementation of risk management with ibi systems iris
  • Preparation of successful certification
  • Preparation for the roll-out of the ISMS to the entire group

Information security - ISMS with tool-based risk management

Customer: Insurer, Neunkirchen
Topic: ISMS with focus on risk management
Tasks: Introduction support and configuration of the software “ibi systems iris”

Starting position and objective

  • Introduction of an Information Security Management System (ISMS)
  • Consideration of IT-Grundschutz
  • Tool-based risk management

Procedure and solution

  • Installation support and configuration of the software “ibi systems iris”
  • Training on how to use tool-based risk management with “ibi systems iris”

Information security - Introduction of an ISMS based on ISO 27001

Customer: Media company, Munich
Topic: Data protection and ISMS according to existing standards (EU GDPR, ISO 27001)
Tasks: Provision and customizing of the software “ibi systems iris”

Starting position and objective

  • Introduction of an ISMS based on ISO 27001
  • Integration of relevant compendiums and test templates
  • Consideration of the requirements of the EU GDPR in the tool

Procedure and solution

  • Provision and installation support for the software “ibi systems iris”
  • Preparation and provision of relevant compendiums and test templates for import into “ibi systems iris”
  • Customizing of the “ibi systems iris” software with regard to the EU GDPR