ISMS-Consulting
The introduction of an information security management system is a process that can take from several months to several years, depending on the initial situation, company size, complexity and resource availability. Project durations of 6 to 12 months are common.
With our implementation method "Success", which we developed from our experience in many implementation projects, we provide you with a structured approach that ensures your project success. The method currently includes roadmaps for the standards ISO 27001 and TISAX®.
We recommend a phase-based approach with agile components and divide the overall project into 5 phases:
- Prepare-Phase
- Explore-Phase
- Realize-Phase
- Deploy-Phase
- ISO 27001-Certification / TISAX® Assessment
- Run-Phase
Prepare-Phase
The project begins with a start-up workshop in which the essential framework conditions are defined. In addition, a kickoff-meeting is prepared. In this meeting, the project approach is coordinated with the project team and next steps are determined.
Explore-Phase
The basis for project planning is the gap analysis, in which the gap between the current state and the requirements of the standard to be introduced (ISO 27001 / TISAX®) is determined. For this purpose, abat-consultants go through all the requirements of the standard together with the project team in an initial workshop.
Realize-Phase
The gaps identified in the gap-analysis result in the tasks to be worked on. In this phase, the creation of guidelines and policies, the development of a risk analysis and the implementation of the ISMS-processes take place. Depending on the support level selected, the abat-consultants support the creation or are available to review the documents.
Parallel to the creation of documents, the team, together with the abat-consultants, begins to put the already completed parts of the ISMS into operation, since certification according to ISO 27001 or the TISAX® assessment requires an established and running ISMS.
Deploy-Phase
Once all parts of the ISMS have been implemented, the employees of the various target groups are trained, an internal audit is conducted and a management report is prepared. Findings from the internal audit are included in the action plan and processed.
ISO 27001-Certification / TISAX® Assessment
After the findings of the internal audit have been fully processed and the management review has taken place, the ISO 27001 certification or the TISAX® assessment can take place.
Run-Phase
In this phase, the now accepted ISMS goes into regular operation. A phrase often heard after an audit is: "After the audit is before the audit", so the continuous improvement process is one of the most important tasks. This is because the next monitoring or re-certification audit must prove that the guidelines created are not just paper tigers, but are firmly anchored in the company's day-to-day business and are lived by all employees.
Within the phases, we use agile components, such as the Daily Scrum or a Kanban Board, to quickly achieve initial results. In the realization phase, it is also possible to realize the tasks in so-called sprints.
The documents already created can be used for a rollout to additional sites. Local adaptations (e.g. other, country-specific legal requirements, additional assets, risks, etc.) may need to be integrated.
For many tasks in each phase, we provide accelerator documents that can be used as an initial guide or template.

Our offers for ISMS-Consulting

ISO 27001-Consulting
The international standard ISO 27001 ensures information security in organizations such as companies, non-profit organizations or public institutions.

TISAX®-Consulting
We support you in developing an ISMS adapted to your company based on the TISAX® requirements and prepare you for the assessment.

KRITIS-Consulting
KRITIS companies must implement organizational and technical measures to prevent disruptions to their critical service. We advise.

IT-Grundschutz-Consulting
Many service providers for public clients are required to introduce an ISMS based on IT-Grundschutz. abat provides support, for example, in the risk analysis.

Saskia
ISMS Consultant
Bremen
For me, abat is: fun, exciting projects - great customers and colleagues packed into a respectful and trusting atmosphere with plenty of room for continuous development!

Petra
Consultant, Contract Management, Education
Bremen
What I appreciate so much about abat is the respectful interaction with each other; the trust that is given; the many opportunities to develop and grow; the wonderful friendships that have developed over the years and, of course, the joy and variety of the work.

Melissa
ISMS Senior Consultant
Bremen
At abat, I have the freedom to shape my work as I see fit.

Hans
ISMS Senior Consultant
Bremen
For me, abat is synonymous with limitless opportunities and a sustainable corporate culture.

Andreas
ISMS Senior Consultant
Bremen
I have never worked in such a self-determined and self-reliant way as in this team. Love it.
Contact our abat protect expert

Free initial consultation to analyze your needs
In the first meeting, you define your initial situation with us, and we clarify initial questions.
This appointment is free of charge and without obligation for you.