External information security officer (ISO)

As an external information security officer (ISO), we are your long-term partner for everything to do with information security.

Information security standards such as ISO27001 stipulate that the role of information security officer must be filled. As digitization progresses, the complexity of an ISO’s area of responsibility continues to increase. Every company that wants to establish an appropriate level of information security should fill the role of information security officer in such a way that the role owner covers the technical, organizational and legal aspects of the broad field of information security. Our experienced team of experts covers all of these areas for you and develops pragmatic and sustainable solutions for your company’s information security management system (ISMS).


Long-term partnership or project-based consulting

Similar to the appointment of a data protection officer (DPO), you can fill the role of information security officer (ISO) either internally or externally. Covering the broad field of information security internally is a challenge.

You have the option of appointing us as an external information security officer or we can support your internal information security officer with our experience, so that you always receive practical solutions on the subject of information security.

We will find the best solution for you.

This is what we can support you with

Appointment as an external information security officer / ISO

As an external information security officer (ISO), we support the management level in controlling information security in the company. We investigate information security incidents and advise the management in relation to the decision on necessary measures. In addition, we coordinate the information security process and participate in all related tasks. We also manage security-relevant projects and advise on the planning, introduction and modification of applications, IT systems and infrastructure. We continuously monitor the effectiveness and efficiency of your information security management system. You don’t have an ISMS yet? We help with the introduction. When working with us as an external ISO, regular management reviews are a matter of course. An information security officer from our company takes on these and other tasks for you. You have a fixed contact person for all your concerns. In the background, many experts (IT specialists, auditors, data protection officers, lawyers) act for you in their respective specialist areas.

Consulting services for your information security team

We would be happy to support your internal ISO in carrying out its tasks, for example if you have special challenges to master, such as certification (e.g. ISO27001). We are also happy to relieve you of individual tasks for which you may not have the resources. For example, we take care of sensitizing employees and managers to create a company-wide awareness of information security.

Find out more about our information security services.

Your information security management system has already been implemented sustainably, but you have questions about data protection? We are happy to help here too.

Our team for your benefit

Profit from the wealth of experience of your interdisciplinary team of experts

We do not look at information security only through the eyes of our information security specialists. Our team consists of information security specialists as well as certified data protection officers and jurists. We all strive to suggest the best practical and actionable solutions for the frequent contradictions in legal and regulatory requirements. In addition, we attach particular importance to the perspective of corporate management, which is covered by our many years of experience in the fields of compliance and management. Our team and our approach allow us to look at information security in its entirety and thus open up new vistas to you and your organisation.

Information security as an added value for your company

Be it for a certification or simply for a higher level of security, your goal is to make a lasting improvement to information security in your company. We help you achieve this aim in a methodical and well-structured way. We support you in setting up an Information Security Management System (ISMS). Regardless of national and international standards such as ISO27001, the first step is to define the scope of your ISMS. Close cooperation with you, together with business- and sector-specific standards and regulations, is key for us to work out an action plan geared to your individual requirements. We therefore audit all relevant divisions of your company, with the objective of exposing deviations between target and performance, resulting in an optimum plan of action. It is up to you to decide which parts you would like to put into practice yourself and which tasks you would like to call on our assistance for, depending on the know-how and time available in your company.

Information security is not a project but a continuous challenge for the entire company. This is why we also support you in maintaining your ISMS, so that you obtain a true added value for your company.

What do our customers say about us?


“The aigner business solutions team impresses us with extremely competent and solution-oriented advice. Thanks to the excellent cooperation, we have enormously improved our information security management and passed the certification right away. We can only recommend aigner business solutions.”

Rita Craigue – from the TISAX® project team
Wolferstetter Bräu Georg Huber KG

“An excellent collaborative partnership. This is characterised by the competent, comprehensive data protection advice, which was always geared towards our requirements. It is nice to have data protection officers bringing concrete recommendations for solutions to take us forward instead of constantly only talking about what isn’t possible.”

Georg Andreas Huber – owner, Wolferstetter Bräu Georg Huber KG
Maier Korduletsch

“We feel extremely well taken care of thanks to the flexible support from the competent team of specialists at aigner business solutions. If you constantly have the right contact from the fields of IT or law on your side, data protection isn’t an obstacle – instead, it can ultimately be used as a mark of quality. With its data protection “as a service” approach, this team provides the optimal key for top data protection and IT security – and always in a solution-oriented way!”

Franz-Christian Brummer – commercial manager / authorised representative
Lindner Group KG Arnstorf

“Competence – reliability – flexibility! These three characteristics define our experience of working with them. For us, aigner business solutions is the best place to go to take your data protection and IT security to the next professional level in a solutions-oriented way.”

Andreas Bachmaier – managing director

Your benefits at a glance:

  • You find out about the current security level of your IT systems
  • An interdisciplinary team made up of certified information security experts, lawyers and data protection officers – always put together to be suited to you and your needs
  • Reviews and support in developing your ISMS
  • Optimising your IT systems and processes to adhere to security standards and legal requirements
  • Outsourcing of necessary but annoying documentation tasks
  • Raising awareness for information security risks among employees
  • Using 20 years of experience and passion for information security to secure your data

Here's how it works...

1. Make an appointment

Click on the “Make an appointment” button, fill in the contact form with your details and make a suitable appointment for a free consultation, or simply call us.

2. Consultation

Together, we’ll find out what services you require, take a detailed look at what working together would look like, and how much work it would be.

3. Analysis and conception

Depending on the service required, we’ll start out analysing the current situation. We use that to work with you to develop and implement a plan of action/project plan.

4. Implementation

If you wish, we will help you put the documented measures and regulations into practice.

5. Reporting

We present our results and provide you with a report so that you can work independently. If needed, our team will remain by your side and be available to you as consultants in the future.

6. Lasting, practical and actionable information security and risk management

Just take the first step

Make an appointment for your free consultation right now

Other questions...

Is the consultation really free?

Yes, it’s completely free and non-binding – it is just an opportunity to get to know each other and to find out if and how we can help you with your issues. You will absolutely not be invoiced for the consultation.

Are your consultants certified?

Yes, of course! We only use consultants who demonstrably possess the requisite specialist knowledge, i.e. a degree in information security, are certified DIN ISO 27001 or ISIS 12 lead auditors, and who also have relevant professional experience.

The best thing to do is to see for yourself and to ask for a free initial consultation!

Which audits do you carry out?

Information security audits in preparation for ISO 27001, TISAX or ISIS 12 certification. Final certification is carried out by an accredited certification body such as a TÜV.

Furthermore, data protection audits in accordance with the GDPR and appropriate supplier audits, such as reviews of the TOMs on site with the supplier or order processor.

What exactly is examined during an audit?

Depending on which audit is being carried out (data protection or information security), we examine the points required by the General Data Protection Regulation or verify the secure operation of your data centre, the organisational information security processes and the correct use of hardware and software. Inspections and practical examinations of various company processes are among the active parts of every audit.

How long is ISMS certification valid for?

ISO27001: 3 years
TISAX: 3 years
ISIS12: 3 years


Still have questions?