ISMS consulting and implementation

We accompany you all the way to the successful, practical and actionable implementation of your information security management system (ISMS)!

Cyber attacks have become more frequent, intercepting valuable information and disabling systems. Businesses fear not only the damage to their image that a revealed lack of information security brings, but also severe economic losses. SMEs and global corporate groups are affected alike and must put active protection in place.
Are you not prepared for an attack on your systems? Do you lack information security guidelines and information security risk management? Or would you simply like to raise your company's information security level?
We accompany you from the concept through to the implementation of an ISMS. If you are aiming for a certification such as ISO 27001 or TISAX®, we are pleased to assist with that as well.


What is an ISMS?

An Information Security Management System (ISMS) comprises a company's guidelines on security levels and its risk appetite, and takes the legal framework into account. It brings together the organisation's processes, standards and rules, which in turn define, steer, control and maintain its information security.

The implementation of an ISMS is one of the most important steps towards integral information security in your company. It is a complex and challenging task. It is not only about complying with information security and data protection regulations. It is also about consistent and clear guidelines for planning, implementing and supervising information security in your company.

Our information series on the topic of ISMS (in German) shows you the ropes of information security.

This is how we can support you

GAP analysis

We first determine the current level of information security in your company. This is always done individually, tailored to your needs. Regardless of whether you are aiming for certification, compliance with the current information security standards is a matter of course for us. Together with your project team, information security officer or information security coordinator, we create a project plan. You then choose whether you want to carry out the project yourself or whether we continue to support you in it.

Asset management

Regardless of certifications such as ISO 27001 or TISAX®, which both address information security, companies should know their information security risks and be able to deal with them. The company's assets must first be identified as the basis for risk management. We consider your critical or value-adding business processes and categorise your assets. To do this, we work with you to draw up an asset inventory. We advise you on the implementation of asset management and find workable solutions for you to continuously record and display your primary and secondary assets.

Risk management

Risk management is an important instrument in information security and builds on functioning asset management. Risk management in information security is not only essential for certifications such as ISO 27001 or TISAX®. It also helps companies to identify potential information security risks in good time and to react appropriately. The aim is to ensure the required availability, integrity and confidentiality of company information. We first determine your company's risk appetite together with you. We create a guideline for risk management, record the relevant risks, analyse and evaluate them, and together draw up a treatment plan to reduce the risks.

Holistic information security management

Would you like to approach information security management in your company professionally, and are you looking for a long-term partner for your project? Whether as a consultant or as an external information security officer, we implement the standard behind your desired certification, such as ISO 27001 or TISAX®, together with you and ensure a functioning ISMS.

If you wish, we are also your contact for all topics relating to data protection in your company. We advise you on this as well, or provide you with an external data protection officer.

Our team for your benefit

Profit from the wealth of experience of our interdisciplinary team of experts

We do not look at information security only through the eyes of our information security specialists. Our team consists of information security specialists, certified data protection officers and lawyers. Together we strive to propose the most practical and actionable solutions to the frequent contradictions between legal and regulatory requirements. In addition, we attach particular importance to the perspective of corporate management, which is covered by our many years of experience in the fields of compliance and management. Our team and our approach allow us to look at information security in its entirety and thus open up new perspectives to you and your organisation.

Information security as an added value for your company

Be it for a certification or simply for a higher level of security: your goal is a lasting improvement of information security in your company. We help you achieve that aim in a methodical and well-structured way. We support you in setting up an Information Security Management System (ISMS). Whether or not you follow a national or international standard such as ISO 27001, the first step is to define the scope of your ISMS. Close cooperation with you, together with the business- and sector-specific standards and regulations that apply to you, is the key for us to work out an action plan geared to your individual requirements. We therefore audit all relevant divisions of your company with the objective of exposing deviations between the target state and the current state, resulting in an optimum plan of action. Depending on the know-how and time available in your company, it is up to you to decide which parts you put into practice yourself and for which tasks you call on our assistance.

Information security is not a project but a continuous challenge for the entire company. This is why we also support you in maintaining your ISMS, so that it delivers true added value for your company.


VDA-ISA and TISAX® consulting

We support you in obtaining your TISAX® certification as quickly as possible!

Has one of your customers asked you to prove that your information security management system complies with the requirements of the “VDA Information Security Assessment” (TISAX® label)? Or do you just want to be ready for a potential request? Our certified TISAX® consultants are pleased to support you. We offer our service as consultants to ensure that your company is perfectly prepared for the TISAX® assessment. The assessment itself is carried out by an audit provider accredited by the ENX Association; we do not issue the label ourselves.

The brand TISAX® is owned by the ENX Association.


What is TISAX®?

Many car manufacturers develop their products in collaboration with suppliers. To guarantee secure processing and a trusted exchange of data, the German Association of the Automotive Industry (VDA) developed the assessment and exchange mechanism TISAX® (Trusted Information Security Assessment Exchange) in 2017.

This is meant to ensure that business partners working together have a comparable and appropriate level of information security. Particular attention may be paid to comprehensive prototype protection, meaning that prototypes are well protected at every stage of the supply chain.

Automotive suppliers and service providers preparing for a TISAX® assessment work with the VDA-ISA questionnaire, which is in turn largely based on the requirements of the standard DIN ISO 27001.

An important part of this standard is the development of an information security management system (ISMS), which requires three elements in particular: 1. the development of basic ISMS processes, 2. an established risk management system within the company, and 3. an internal control system which regularly deals with corporate risks.

We prepare your company for TISAX® certification

That's why TISAX® certification is worthwhile for you too

Developing and maintaining an information security management system (ISMS) is already a complex task. Proving to your business partners that the ISMS is up to the job further increases the complexity and the amount of work. As a standard in the automotive industry, however, TISAX® reduces this work through a uniform, agreed security level. Furthermore, the exchange platform lets you share your assessment result, the so-called TISAX® label, securely with your business partners, so you are not assessed separately by each of them.

Without this mechanism, proving your status would depend on many complex, individual questionnaires per business relationship. The TISAX® label is valid for three years and must then be renewed. We'll be happy to help you prepare for these details and to pass the TISAX® assessment.

You'll achieve certification quickly thanks to our expertise and templates

In order to obtain the TISAX® label and be able to prove your status in the long term, it is necessary to develop an ISMS which meets the specifications and the required level (in line with ISO 27001). To develop this with you, we record your basic data at the start of our time working together and carry out an audit of the relevant departments to determine your company's chances of passing the TISAX® assessment. We work out the gaps between “what is” and “what should be” and set up an optimal implementation action plan for you.

To do this, we take your business model and the applicable VDA-ISA assessment level into consideration, as well as the individual scope of the assessment you're aiming for, and we provide you with templates for questionnaires, checklists, etc. to simplify and speed up the process.

As soon as all relevant measures are thoroughly documented and put into practice, an accredited audit provider of your choice can assess your management system. Provided that the assessment is successful, you receive the respective TISAX® label from this independent third party.

DIN ISO 27001

Improve your company’s image by proving that you take your IT security seriously!

Do you need to show your customers that you take information security seriously, and would you like to prove this with a certificate and thus improve your company's image? Has a customer requested that your information security management meet the ISO 27001 standard? Or do you just want to improve your information security, bring it up to an international standard and have it certified in black and white?


What is DIN ISO 27001?

DIN ISO/IEC 27001, shortened to ISO 27001, is an internationally recognised standard for information security management in companies.

The aim of the standard is to introduce an information security management system (ISMS) into a company in order to establish an appropriate level of information security and to improve it continuously. An ISMS also reduces an organisation's risk of cyberattacks and data theft.

From information security risk management and raising awareness among your employees through to implementing technical IT measures, the ten clauses of ISO 27001 and the controls listed in its Annex A give you the relevant objectives for achieving an appropriate security level in your company. If the standard is implemented in full, companies can have their management system certified according to ISO 27001.

For this purpose, three elements in particular are required when developing an ISMS: 1. the development of basic ISMS processes, 2. an established risk management system within the company, and 3. an internal control system which regularly deals with corporate risks.

We prepare your company for DIN ISO 27001 certification

That's why DIN ISO 27001 certification is worthwhile for you too

ISO 27001 certification is an investment in the future of your company. It will establish international confidence and improve your corporate image.

It also gives business partners and customers sound evidence that a state-of-the-art level of information security has been established and is practised in your company. At the same time, you reduce business and liability risks and increase your competitiveness on the market.

We'll work together with you to develop a functioning information security management system (ISMS). You'll be certified quickly and efficiently, and among other things you will reduce your process costs and may even reduce your insurance premiums.

You'll achieve certification quickly thanks to our expertise and templates

In order to obtain DIN ISO 27001 certification and be able to prove it in the long term, it is necessary to develop an ISMS which covers the requirements for orderly risk management and reaches the required level. So that we can develop this with you, we record your basic data at the start of our time working together and carry out an audit of the relevant departments.

We work out the gaps between “what is” and “what should be” and set up an optimal implementation action plan for you. Of course, we also give you guidance and resources to assist you in implementing it.

To do this, we take your business model and your specific requirements into consideration, as well as the individual scope of the certification you're aiming for, and we provide you with templates, sample documents, questionnaires, checklists, etc. to simplify and speed up the process.

What do our customers say about us?


“The aigner business solutions team impresses us with extremely competent and solution-oriented advice. Thanks to the excellent cooperation, we have enormously improved our information security management and passed the certification right away. We can only recommend aigner business solutions.”

Rita Craigue – TISAX® project team

Wolferstetter Bräu Georg Huber KG

“An excellent collaborative partnership. This is characterised by the competent, comprehensive data protection advice, which was always geared towards our requirements. It is nice to have data protection officers bringing concrete recommendations for solutions to take us forward instead of constantly only talking about what isn't possible.”

Georg Andreas Huber – owner, Wolferstetter Bräu Georg Huber KG

Maier Korduletsch

“We feel extremely well taken care of thanks to the flexible support from the competent team of specialists at aigner business solutions. If you constantly have the right contact from the fields of IT or law on your side, data protection isn't an obstacle – instead, it can ultimately be used as a mark of quality. With its data protection ‘as a service’ approach, this team provides the optimal key for top data protection and IT security – and always in a solution-oriented way!”

Franz-Christian Brummer – commercial manager / authorised representative

Lindner Group KG Arnstorf

“Competence – reliability – flexibility! These three characteristics define our experience of working with them. For us, aigner business solutions is the best place to go to take your data protection and IT security to the next professional level in a solutions-oriented way.”

Andreas Bachmaier – managing director

Your benefits at a glance:

  • You find out the current security level of your IT systems
  • An interdisciplinary team of certified information security experts, lawyers and data protection officers, always put together to suit you and your needs
  • Reviews and support in developing your ISMS
  • Optimising your IT systems and processes to meet security standards and legal requirements
  • Outsourcing of necessary but tedious documentation tasks
  • Raising awareness of information security risks among employees
  • 20 years of experience and passion for information security, used to secure your data

Here's how it works...

1. Make an appointment

Click on the “Make an appointment” button, fill in the contact form with your details and choose a suitable time for a free initial consultation, or simply call us.

2. Consultation

Together, we find out which services you require, take a detailed look at what working together would look like, and estimate how much effort it would involve.

3. Analysis and conception

Depending on the service required, we start by analysing the current situation. On that basis, we work with you to develop and implement a plan of action or project plan.

4. Implementation

If you wish, we help you put the documented measures and rules into practice.

5. Reporting

We present our results and hand over a report that enables you to continue the work independently. If needed, our team remains at your side and is available to you as consultants in the future.

6. Lasting, practical and actionable information security and risk management

Just take the first step

Make an appointment for your free consultation right now

Other questions...

Is the consultation really free?

Yes, it is completely free and non-binding. It is simply an opportunity to get to know each other and to find out whether and how we can help you with your issues. You will not be invoiced for the consultation.

Are your consultants certified?

Yes, of course! We only use consultants who demonstrably possess the requisite specialist knowledge, i.e. who hold a degree in information security or are certified DIN ISO 27001 or ISIS12 lead auditors, and who also have relevant professional experience.

The best thing to do is to see for yourself and to ask for a free initial consultation!

Which audits do you carry out?

IT security audits in preparation for ISO 27001, TISAX® or ISIS12 certification. The final certification or assessment is carried out by an accredited certification body or audit provider such as a TÜV.

Furthermore, we carry out data protection audits in accordance with the GDPR, as well as supplier audits, such as on-site reviews of the technical and organisational measures (TOMs) at the supplier or processor.

What exactly is examined during an audit?

Depending on which audit is being carried out (data protection or information security), we either examine the points required by the General Data Protection Regulation or verify the secure operation of your data centre, the organisational information security processes and the correct use of hardware and software. On-site inspections and practical examinations of various company processes are part of every audit.

How long does an audit take?

This depends on the size of the company and the scope of the audit. If you have any questions about this, request a free consultation. An audit is generally carried out by two certified auditors (a lead auditor and a co-auditor) and is subsequently documented thoroughly in a report.

Am I obliged to have audits carried out?

It depends on who is asking. Sometimes the request comes directly from your own customers: if a customer asks you to have a specific audit carried out, for example in accordance with TISAX® or DIN ISO 27001, you should comply with it. Other audit obligations often follow directly from the GDPR (accountability under Art. 5(2) GDPR).

How long is ISMS certification valid for?

ISO 27001: 3 years (with annual surveillance audits in between)
TISAX®: 3 years
ISIS12: 3 years


Still have questions?