ISMS-Consulting
Implementing an information security management system (ISMS) is an extensive process that can vary depending on the specific requirements and circumstances of your company. The duration of the process depends on various factors, such as the initial situation, the size of the company, the complexity of the IT infrastructure and the availability of resources. As a rule, the introduction of an ISMS can take between 6 and 12 months, although it can take longer in large corporations or particularly complex environments.
Our “Success” implementation methodology is specifically designed to provide you with a structured and proven approach to ensure the success of your project. This method is based on our extensive experience from numerous implementation projects and provides you with roadmaps for the ISO 27001 and TISAX® standards.
We recommend a phase-based approach that integrates agile components to enable flexibility and adaptability during the project. The overall project is divided into the following 6 phases:
- Prepare-Phase
- Explore-Phase
- Realize-Phase
- Deploy-Phase
- ISO 27001-Certification / Assessment on TISAX®
- Run-Phase
Prepare phase: the foundation for success
The Prepare phase is the prelude to a successful project and lays the foundation for the introduction of an information security management system. In this crucial initial phase, the course is set for the rest of the project.
It all begins with a kick-off workshop in which the people involved get to know each other and prepare the project kick-off meeting together. The kick-off meeting is the most important event in the Prepare phase. This is where the basis for working together on the project is created. It creates clarity regarding the project goals and emphasizes the importance of the project.
The project objectives, the (rough) project plan and the roles and responsibilities of the team members are presented to the entire project team. The aim is to bring all participants up to the same level of knowledge. The kick-off meeting is also an opportunity for participants to ask questions and raise concerns to ensure that all participants are clear about what is expected of them in the project.
The Prepare phase is more than just a planning stage; it is a time of inspiration and motivation. It creates a common understanding and alignment that is essential for the successful implementation of the project. With a strong start and a clear vision, you are well prepared to tackle the challenges of information security with confidence.
Explore phase: the journey of discovery begins
The Explore phase is a crucial stage on the way to a secure information security management system. In this phase, a thorough analysis of your company's existing processes and systems is carried out to identify potential risks and clearly define the requirements for the introduction of the standard.
The gap analysis forms the core of this phase. It is the compass that shows the gap between the current status quo and the requirements of the standard to be introduced (ISO 27001 / TISAX®). Our experienced abat consultants will guide you and your project team through an intensive workshop in which every aspect of the standard is carefully examined.
Together with our team, you will navigate through the requirements to ensure that no gap remains undiscovered and that your organization is well on its way to implementing a robust and effective information security management system.
The Explore phase is a journey of learning and understanding that will strengthen and prepare your organization for the challenges of information security. With the support of our consultants, you will take an important step towards a secure and trustworthy future.
Realize phase: The realization of the vision
The Realize phase is the moment when visions take shape and the planned measures are put into practice. It is the phase in which the information security management system (ISMS) is developed in accordance with the identified requirements. The gaps identified in the gap analysis become concrete tasks that need to be tackled.
In this productive phase, the guidelines and directives that serve as a guide for information security are created. The development of a risk analysis makes it possible to identify potential dangers and take preventative measures. The implementation of ISMS processes is the core of this phase, in which theory becomes practice.
Depending on the support level selected, the abat consultants will be at your side, either in the preparation of the documents or as a reviewing body to ensure that everything meets the requirements of the standard. Their expertise is a valuable companion on the path to certification.
In parallel with document creation, the team, supported by the abat consultants, begins commissioning the ISMS. This is because an established and running ISMS is required for certification in accordance with ISO 27001 or the TISAX® assessment.
The Realize phase is a time of progress and implementation in which the foundations for a secure and efficient ISMS are laid. It is the phase in which your company takes a big step towards a secure information future.
Deploy phase: Integration into the company
The deploy phase marks the decisive step in which the information security management system (ISMS) is seamlessly embedded and operationalized in the corporate environment. It is the phase in which theory meets practice and the ISMS becomes a living part of the company's day-to-day operations.
As soon as all parts of the ISMS have been implemented, the important task of training begins. The employees of the various target groups receive comprehensive training to ensure that each individual understands the importance and functioning of the ISMS and can apply it effectively in their day-to-day work.
An internal audit is carried out to check the effectiveness and completeness of the ISMS. Findings from the audit are included in the action plan and systematically processed in order to optimize the security and efficiency of the system. This audit is like a mirror that reveals the strengths and weaknesses of the system and provides valuable insights for continuous improvement.
Key figures are essential for the further development and continuous improvement of an ISMS. Key figures can be used to measure the effectiveness of the ISMS. They can provide an indication of the degree to which defined security objectives are being achieved.
An assessment by the management concludes the deploy phase. The assessment represents a review of the conformity, effectiveness and efficiency of the ISMS by the top management level. The aim is to determine the extent to which the existing ISMS and the planned and implemented measures for securing and increasing information security and for dealing with risks are implemented as planned (conformity), are actually suitable and effective (effectiveness), and the result achieved is in reasonable proportion to the costs incurred or the personnel, technical and organizational effort (efficiency).
The deploy phase is a time of implementation and refinement in which the ISMS becomes an integral part of your company. It is the phase in which the foundations are laid for a secure and resilient future that protects your company from the diverse risks of the information world.
ISO 27001 certification / assessment for TISAX®: The path to recognition
After careful implementation of the information security management system (ISMS), your company is on the threshold of recognition through ISO 27001 certification or the TISAX® assessment. This step is the culmination of your efforts and proof of the quality and security of your information security practices.
Once the findings of the internal audit have been fully recorded and the management review has provided a clear overview of the effectiveness of the ISMS, your company is ready for the external assessment.
With ISO 27001 certification or the TISAX® assessment, your company sends a clear signal of commitment, quality and trustworthiness in information security.
Run phase: The ISMS in live operation
The run phase is the stage in which the information security management system (ISMS) is not only implemented, but also monitored, regularly reviewed and continuously improved during operation. It is the phase in which the ISMS moves from project status to everyday use and becomes an integral part of the corporate culture.
In this phase, the ISMS is put into practice in regular operations. The much-quoted phrase “After the audit is before the audit” comes into play here, as the continuous improvement process is one of the most important tasks. The aim is to prove the effectiveness of the ISMS and show that the guidelines drawn up are more than just theory.
Employees play a crucial role in this phase, as they are the ones who have to implement and live the ISMS in their day-to-day work. The training and awareness built up in the previous phases is now paying off as each individual contributes to the protection and security of the company.
The next surveillance or re-certification audit will measure the success of these efforts. It will show whether the guidelines and processes of the ISMS not only exist on paper, but are being implemented effectively and sustainably in practice.
The run phase is therefore a time of confirmation and commitment, in which the ISMS unfolds its full power and accompanies the company on its way to a secure and resilient information future.
Our approach: focus on sustainability and added value
Our approach not only guarantees compliance with the relevant standards, but also establishes a sustainable and value-enhancing process for your company. We integrate agile components such as the Daily Scrum or a Kanban board in order to achieve initial results quickly and promote the dynamics of the project. In the implementation phase, sprints enable tasks to be carried out in a targeted and efficient manner.
The guidelines and directives that have already been created can serve as a solid basis for a rollout to other locations. Local adaptations, such as country-specific legal requirements or additional assets and risks, are carefully integrated.
We provide accelerator documents for many tasks in the individual phases. These serve as an initial orientation or template and accelerate the process of implementation and adaptation.
Our approach is not only to guide you through the certification process, but also to provide you with tools that enable continuous improvement and adaptation to new challenges. In this way, we ensure that your ISMS not only meets the highest standards today, but also in the future and represents real added value for your company.

TISAX® is a registered trademark of the ENX Association. The mention of the TISAX® trademark does not imply any statement by the trademark owner regarding the suitability of the services advertised here. The exclusive responsibility for the content of the website and the services presented here lies with abat.
Our offers for ISMS-Consulting

ISO 27001-Consulting
The international standard ISO 27001 ensures information security in organizations such as companies, non-profit organizations or public institutions.

Consulting on TISAX®
We support you in developing an ISMS adapted to your company based on the TISAX® requirements and prepare you for the assessment.

KRITIS-Consulting
KRITIS companies must implement organizational and technical measures to prevent disruptions to their critical service. We advise.

IT-Grundschutz-Consulting
Many service providers for public clients are required to introduce an ISMS based on IT-Grundschutz. abat provides support, for example, in the risk analysis.

Saskia
ISMS Consultant
Bremen
For me, abat is: fun, exciting projects - great customers and colleagues packed into a respectful and trusting atmosphere with plenty of room for continuous development!

Melissa
ISMS Senior Consultant
Bremen
At abat, I have the freedom to shape my work as I see fit.

Hans
ISMS Senior Consultant
Bremen
For me, abat is synonymous with limitless opportunities and a sustainable corporate culture.
Contact our abat protect expert

Free initial consultation to analyze your needs
In the first meeting, you define your initial situation with us, and we clarify initial questions.
This appointment is free of charge and without obligation for you.