ISMS-Consulting

The introduction of an information security management system is a process that can take from several months to several years, depending on the initial situation, company size, complexity and resource availability. Project durations of 6 to 12 months are common.

With our implementation method "Success", which we have developed based on our experience from many implementation projects, we provide you with a structured approach that ensures your project success. For the method there are currently roadmaps to the standards ISO27001 and TISAX®.

We recommend a phase-based approach with agile components and divide the overall project into 5 phases:

Prepare-Phase

The project begins with a start-up workshop in which the essential framework conditions are defined. In addition, a kickoff-meeting is prepared. In this meeting, the project approach is coordinated with the project team and next steps are determined.

Explore-Phase

The basis for project planning is the gap analysis, in which the gap between the current state and the requirements of the standard to be introduced (ISO 27001 / TISAX®) is determined. For this purpose, abat-consultants go through the entire requirements of the standard together with the project team in an initial workshop.

Realize-Phase

The gaps identified in the gap-analysis result in the tasks to be worked on. In this phase, the creation of guidelines and policies, the development of a risk analysis and the implementation of the ISMS-processes take place. Depending on the support level selected, the abat-consultants support the creation or are available to review the documents.

Parallel to the creation of documents, the team, together with the abat-consultants, begins to put the already completed parts of the ISMS into operation, since certification according to ISO 27001 or the TISAX® assessment require an established and running ISMS.

Deploy-Phase

Once all parts of the ISMS have been implemented, the employees of the various target groups are trained, an internal audit is conducted and a management report is prepared. Findings from the internal audit are included in the action plan and processed.

ISO 27001-Certification / TISAX® Assessment

After the findings of the internal audit have been fully processed and the management review has taken place, the ISO 27001 certification or the TISAX® assessment can take place.

Run-Phase

In this phase, the now accepted ISMS goes into regular operation. The often said phrase after an audit is: "After the audit is before the audit", so the continuous improvement process is one of the most important tasks. This is because the next monitoring or re-certification audit must prove that the guidelines created are not just paper tigers, but are firmly anchored in the company's day-to-day business and are lived by all employees.

Prepare-Phase

The project begins with a start-up workshop in which the essential framework conditions are defined. In addition, a kickoff-meeting is prepared. In this meeting, the project approach is coordinated with the project team and next steps are determined.

Explore-Phase

The basis for project planning is the gap analysis, in which the gap between the current state and the requirements of the standard to be introduced (ISO 27001 / TISAX®) is determined. For this purpose, abat-consultants go through the entire requirements of the standard together with the project team in an initial workshop.

Realize-Phase

The gaps identified in the gap-analysis result in the tasks to be worked on. In this phase, the creation of guidelines and policies, the development of a risk analysis and the implementation of the ISMS-processes take place. Depending on the support level selected, the abat-consultants support the creation or are available to review the documents.

Parallel to the creation of documents, the team, together with the abat-consultants, begins to put the already completed parts of the ISMS into operation, since certification according to ISO 27001 or the TISAX® assessment require an established and running ISMS.

Deploy-Phase

Once all parts of the ISMS have been implemented, the employees of the various target groups are trained, an internal audit is conducted and a management report is prepared. Findings from the internal audit are included in the action plan and processed.

ISO 27001-Certification / TISAX® Assessment

After the findings of the internal audit have been fully processed and the management review has taken place, the ISO 27001 certification or the TISAX® assessment can take place.

Run-Phase

In this phase, the now accepted ISMS goes into regular operation. The often said phrase after an audit is: "After the audit is before the audit", so the continuous improvement process is one of the most important tasks. This is because the next monitoring or re-certification audit must prove that the guidelines created are not just paper tigers, but are firmly anchored in the company's day-to-day business and are lived by all employees.

Within the phases, we use agile components, such as the Daily Scrum or a Kanban Board, to quickly achieve initial results. In the realization phase, it is also possible to realize the tasks in so-called sprints.

The documents already created can be used for a rollout to additional sites. Local adaptations (e.g. other, country-specific legal requirements, additional assets, risks, etc.) may need to be integrated.

For many tasks in each phase, we provide accelerator documents that can be used as an initial guide or template.

Our offers for ISMS-Consulting

ISO 27001-Consulting

The international standard ISO 27001 ensures information security in organizations such as companies, non-profit organizations or public institutions.

TISAX®-Consulting

We support you in developing an ISMS adapted to your company based on the TISAX® requirements and prepare you for the assessment.

KRITIS-Consulting

KRITIS companies must implement organizational and technical measures to prevent disruptions to their critical service. We advise.

IT-Grundschutz-Consulting

Many service providers for public clients are required to introduce an ISMS based on IT-Grundschutz. abat provides support, for example, in the risk analysis.

Contact our abat protect expert

Free initial consultation to analyze your needs

In the first meeting, you define your initial situation with us, and we clarify initial questions.

This appointment is free of charge and without obligation for you.

Our customers in the area protect

Saskia

ISMS Consultant
Bremen

For me, abat is: fun, exciting projects - great customers and colleagues packed into a respectful and trusting atmosphere with plenty of room for continuous development!

Petra

Consultant, Contract Management, Education
Bremen

What I appreciate so much about abat is the respectful interaction with each other; the trust that is given; the many opportunities to develop and grow; the wonderful friendships that have developed over the years and, of course, the joy and variety of the work.

Melissa

ISMS Senior Consultant
Bremen

At abat, I have the freedom to shape my work as I see fit.

Hans

ISMS Senior Consultant
Bremen

For me, abat is synonymous with limitless opportunities and a sustainable corporate culture

Andreas

ISMS Senior Consultant
Bremen

I have never worked in such a self-determined and self-reliant way as in this team. Love it.

Our memberships

abat is a member of

Our experts are committed to