Information security consulting

Check whether the IT security level in your company fulfils the requirements.

Do you want to know whether your company is protected against external attacks? Has there already been an incident in which someone unlawfully accessed your IT system and stole or erased data? Or do you just want to make sure that your company is keeping your data and your customers’ data secure?


We'll help you to keep your data as well protected as possible!

But why us?

In our 20 years of experience, we’ve seen cybercrime continue to grow and more and more companies fall victim to data theft and extortion.

That’s why we’re so passionate about making the world of IT a safe place, and why we want to help companies with the task of “creating a secure IT environment” and familiarise your employees with the dangers of a cyberattack against your company. That way, IT security can become a practised principle within the company – security is only as good as the weakest link in the chain.

That then means that our partners can give your customers the sense that their data is in safe hands.

We put your information security through its paces

We know that most gaps in security only become apparent under intense scrutiny, which is why we identify your company’s vulnerabilities, points of attack and any gaps in legal requirements as part of an audit right at the start of our consultancy work. We also consider industry-standard requirements, e.g. violations of Basel III or KonTraG [German Corporate Sector Supervision and Transparency Act].

We use the audit to provide you with a picture of your IT security systems and the associated processes, e.g. the status of your ISMS (information security management system). We then use the results of the audit to work with you to create an implementation plan in order to achieve the desired level of information security in your company.

As part of this, we interfere in as few of your processes as possible, only doing so when it is essential.

The perfect team for your information security requirements

We don’t just give you the expertise of one employee – we always put together the perfect team for your requirements. That way, you have access to the many years of experience and the knowledge of our entire team, which is made up of specially-trained IT security specialists and information security officers, as well as lawyers and data protection officers.

That way, we can ensure that your IT systems are always optimally protected and kept up to date with regard to information security and compliance with the law, and that plans are properly documented.

We offer you...

Information security risk management

IT risk management identifies, analyses, evaluates and monitors a wide variety of information security risks. It provides support throughout the entire life cycle of IT systems and provides effective countermeasures and emergency plans for a wide variety of scenarios. We provide you with the information security risk management system that is perfect for you: we identify and label risks and then analyse and evaluate them. Individual risks are classified by probability of occurrence and possible ramifications. We advise you in accordance with basic standards.

Supplier audit

Here we review your suppliers or service providers to see whether they meet the criteria for working together and whether or not they comply with the law and directives. Special attention is paid to compliance with the so-called “TOMs” – technical and organisational measures – and “processing security” in processing relationships (provisions from articles 28 and 32 of the GDPR), so that you can work together in the best possible way and so that your risk of being fined is largely reduced.


Has one of your customers asked you to prove that your information security management systems comply with the “VDA Information Security Assessment” requirements (TISAX® label)? Or do you just want to be ready for a potential certification request? We prepare your company for TISAX certification and work with you to develop the necessary information security management system (ISMS). Learn more here.

ISO 27001

This is the leading international standard for information security management systems (ISMS). It gives organisations clear guidelines for planning, implementing, monitoring and improving their information security. We give you advice throughout all the preliminary certification stages and equip you with the required measures and documents. We also help you develop the necessary information security management system (ISMS). Learn more here.

Awareness campaigns

According to current figures (2019 Verizon), 94% of cyberattacks come into the company by email. Malware-infected attachments are clicked on by employees out of ignorance, resulting in your company / your reputation being damaged. Not to mention the potentially high costs arising from correcting the damage. We train you and your employees in recognising these dangers in order to reduce the number of security incidents. We also provide tailor-made e-learning courses as an optional, cheap tool.

Penetration testing

Here, we carry out targeted attacks to identify how susceptible and vulnerable your networks, IT systems and web applications are to attempted breaches and manipulation. To guarantee this, we use methods and techniques which are also used by real attackers and hackers. At the end, you receive a report which lists the identified vulnerabilities and possible solutions for improving your level of information security. Doing this can increase your resilience (resistance).

Digital forensics

It’s happened, you’ve fallen victim to a cyberattack. Almost every crime leaves behind digital data. We help assess these digital traces so that the culprit can be identified. In order to be able to effectively trace them in cyberspace, the often elusive traces need to be traced to the source across digital devices to ensure that they can be used as evidence in criminal proceedings in court. We assist you with forensic IT analyses, regardless of whether it involves assessing data discs or smartphones, and work with you to close the attack vector so that you can’t be attacked in the same place again.

What do our customers say about us?


“The aigner business solutions team impresses us with extremely competent and solution-oriented advice. Thanks to the excellent cooperation, we have enormously improved our information security management and passed the certification right away. We can only recommend aigner business solutions.”

Rita Craigue – from the TISAX® project team
Wolferstetter Bräu Georg Huber KG

“An excellent collaborative partnership. This is characterised by the competent, comprehensive data protection advice, which was always geared towards our requirements. It is nice to have data protection officers bringing concrete recommendations for solutions to take us forward instead of constantly only talking about what isn’t possible.”

Georg Andreas Huber – owner, Wolferstetter Bräu Georg Huber KG
Maier Korduletsch

“We feel extremely well taken care of thanks to the flexible support from the competent team of specialists at aigner business solutions. If you constantly have the right contact from the fields of IT or law on your side, data protection isn’t an obstacle – instead, it can ultimately be used as a mark of quality. With its data protection “as a service” approach, this team provides the optimal key for top data protection and IT security – and always in a solution-oriented way!”

Franz-Christian Brummer – commercial manager / authorised representative
Lindner Group KG Arnstorf

“Competence – reliability – flexibility! These three characteristics define our experience of working with them. For us, aigner business solutions is the best place to go to take your data protection and IT security to the next professional level in a solutions-oriented way.”

Andreas Bachmaier – managing director

Your benefits at a glance

  • You know how secure your IT systems really are and can build on them
  • An interdisciplinary team made up of certified information security experts, lawyers and data protection officers – always put together to be suited to you and your needs
  • Reviews and support in developing your ISMS
  • Optimising your IT systems and processes to adhere to security standards and legal requirements
  • Outsourcing necessary but annoying documentation tasks
  • Making your employees aware of information security risks (awareness)
  • Convenient review of your service providers and suppliers by our experienced auditors
  • Using 20 years of experience and passion for information security to secure your data

Here's how it works...

1. Make an appointment

Click on the “Make an appointment” button, fill out the contact form with your details and make a suitable phone appointment for a free consultation.

2. Consultation

Together, we’ll find out what services you require, take a detailed look at what working together would look like, and how much work it would be.

3. Analysis and conception

Depending on the service required, we’ll start out analysing the current situation. We use that to work with you to develop and implement a plan of action/project plan.

4. Implementation

We show you the results together with a report and our team will, if needed, remain by your side and be available to you as consultants in the future.

5. Reporting

Providing support and working together to implement the measures developed before and document the results, with the aim of helping you to help yourself.

6. Certified - secured

Just take the first step

Make an appointment for your free consultation right now

Other questions...

Is the consultation really free?

Yes, it’s completely free and non-binding – it is just an opportunity to get to know each other and to find out if and how we can help you with your issues. You will absolutely not be invoiced for the consultation.

Are your consultants certified?

Yes, of course! We only use consultants who demonstrably possess the requisite specialist knowledge, i.e. a degree in information security, are certified DIN ISO 27001 or ISIS 12 lead auditors, and who also have relevant professional experience.

The best thing to do is to see for yourself and to ask for a free initial consultation!

Which audits do you carry out?

Information security audits in preparation for ISO 27001, TISAX or ISIS 12 certification. Final certification is carried out by an accredited certification body such as a TÜV.

Furthermore, data protection audits in accordance with the GDPR and appropriate supplier audits, such as reviews of the TOMs on site with the supplier or order processor.

What exactly is examined during an audit?

Depending on which audit is being carried out (data protection or information security), we examine the points required by the General Data Protection Regulation or verify the secure operation of your data centre, the organisational information security processes and the correct use of hardware and software. Inspections and practical examinations of various company processes are among the active parts of every audit.

How long does an audit take?

This depends on the size of the company and the scope of the audit. If you have any questions about this, request a free consultation. An audit is generally carried out by two certified auditors (a lead auditor and a co-auditor) and subsequently thoroughly documented in a report.

Am I obliged to have audits carried out?

It depends on the request. Sometimes this will come straight from your own customers. If you receive a request from your customer to have a specific audit carried out, in accordance with TISAX or DIN ISO 27001, for example, then this should be complied with. Other audit obligations are often a direct result of the GDPR (accountability as per Art. 5 of the GDPR).

How long is ISMS certification valid for?

ISO 27001: 3 years
TISAX: 3 years
ISIS 12: 3 years


Still have questions?