
ISMS according to ISO 27001
Establishment of Information Security Management Systems According to ISO 27001
Key Features
Professionally Establishing Information Security Management Systems
Your information security at the highest level
In an increasingly digitalized world, the security of your information is not just a technical issue but a critical business factor. A professionally implemented Information Security Management System (ISMS) based on ISO 27001 not only protects your valuable data but also builds trust with customers, partners, and stakeholders.
Why ISO 27001?
- International Recognition: ISO 27001 is the world’s leading standard for information security and is globally recognized by companies, authorities, and organizations.
- Systematic Approach: The standard provides a structured framework for continuously improving your information security through the Plan-Do-Check-Act cycle.
- NIS 2 Compliance: ISO 27001 serves as an ideal foundation for fulfilling the EU-wide NIS 2 Directive and its national implementations. Many ISO 27001 requirements directly align with NIS 2 provisions.
- Compliance & Legal Assurance: Meet regulatory requirements and demonstrate compliance to authorities and business partners.
- Competitive Advantage: An ISO 27001 certification opens doors to new markets and business opportunities, especially in security-critical and regulated sectors.
My Services for Your ISMS
Gap Analysis & Current State Assessment
- Evaluation of your current information security posture
- Identification of vulnerabilities and areas for improvement
- Roadmap for ISMS implementation
ISMS Development & Documentation
- Development of a tailored information security policy
- Creation of all required procedures and work instructions
- Establishment of a practical document management system
Risk Management
- Conducting structured risk analyses
- Developing appropriate security measures
- Implementing a continuous risk management process
NIS 2 Readiness & Compliance
- Assessment of NIS 2 applicability for your organization
- Mapping ISO 27001 controls to NIS 2 requirements
- Preparation for national implementation laws
- Incident response and reporting obligations under NIS 2
Employee Training
- Training your internal teams on ISO 27001 requirements
- Building internal expertise for independent ISMS maintenance
- Raising awareness of information security among all employees
Certification Support
- Preparation for external audits
- Guidance during the certification process
- Support for continuous improvement
Your Path to ISO 27001 Certification
Based on proven project methods and years of experience, I follow a structured 12-month implementation plan divided into four main phases:
Phase 1: Project Preparation (Months 1-3)
- Project planning and kick-off
- Context analysis and scope determination
- Development of risk management processes
- Asset management and initial risk assessment
Phase 2: ISMS Development (Months 4-6)
- Establishing policies and ISO controls
- Implementing defined measures
- Building ISMS documentation
Phase 3: Optimization & Preparation (Months 7-9)
- Evidence collection and internal audits
- Addressing non-conformities
- Management review and fine-tuning
Phase 4: Certification (Months 10-12)
- Preparation for the external audit
- Support during the certification audit
- Full implementation of the PDCA cycle
This structured approach ensures that your ISMS not only passes certification but is also sustainably integrated into your organization.
Industry Expertise
I support companies across various industries in implementing ISO 27001:
- IT Service Providers and Software Companies: Addressing unique challenges in cloud services, software development, and DevSecOps integration.
- Food Production and Retail: Protecting critical infrastructures, securing supply chains, and ensuring compliance with industry-specific requirements.
- SMEs: Pragmatic, cost-efficient solutions for small and medium-sized enterprises across all sectors with limited resources.
- Startups and Scale-Ups: Building scalable security structures from the outset – “Security by Design” for growing businesses.
NIS 2 Directive: Preparation is Key
The EU-wide NIS 2 Directive (Network and Information Security Directive) significantly expands cybersecurity requirements and affects far more companies than its predecessor. If your organization is classified as an “essential” or “important” entity, it must implement comprehensive cybersecurity measures.
Expanded NIS 2 Scope
- Lower thresholds (50 or more employees, or €10M or more in annual revenue or balance sheet total)
- New sectors such as IT/ICT, digital services, food, and machinery
ISO 27001 as the Foundation for NIS 2
A well-implemented ISMS based on ISO 27001 already meets many of the core requirements of NIS 2:
- Risk management and cybersecurity governance
- Incident management and reporting obligations
- Business continuity and crisis management
- Supply chain security
- Regular security assessments
Your NIS 2 Compliance Strategy
I help you implement ISO 27001 in a way that ensures you are also NIS 2-ready – one investment, two goals achieved.
Why Work with Me?
- Practical Approach: Not theoretical concepts, but actionable solutions tailored to your daily operations
- Proven Project Methodology: Structured 12-month plan with clear milestones and measurable results
- NIS 2 Expertise: Early preparation for upcoming regulatory requirements
- Industry-Specific Experience: Deep understanding of challenges in IT, the food sector, SMEs, and startups
- Sustainable Implementation: Building internal competencies for long-term ISMS maintenance
