Information & Cyber Security

Cyber Resilience: We advise how!


Managing IT security holistically requires a fundamental, integrated cyber security strategy made up of several building blocks that cover personnel, technical and organizational measures. The goal is to increase resilience: the ability of a company to adapt to and counteract damaging cyber incidents.

In addition to IT security tools for protection against threats (threat protection) and raising the awareness of all employees (awareness), the adaptability of IT organizations is also required. Management systems such as an information security management system (ISMS), for example in accordance with the international standard ISO/IEC 27001, can help. Despite all the preventive measures taken, cyber attacks are still sometimes successful. What matters then is the durability and recoverability of your business processes. The basis for this is functioning emergency management / business continuity management (BCM).



Our consulting components

Adaptability, durability and the ability to recover are among the cornerstones of an integrated cyber security strategy. With our consulting modules, we provide answers in all subject areas.

Confidentiality, Integrity & Availability

Information security and data protection management systems are essential for protecting IT infrastructure and sensitive personal and corporate data. Their implementation is a management matter, but the path to achieving this is costly and complex. As experienced consultants, we support companies and official institutions in the structured, organization-adapted introduction of information management systems in accordance with ISO/IEC 27001 and BSI IT-Grundschutz or in accordance with the extended requirements for KRITIS operators from the BSI Act, as well as in data protection in accordance with ISO/IEC 27701, the GDPR and specific legal requirements.

Building blocks of our consulting:

  • ISMS according to ISO/IEC 2700X family of standards
  • IT security concepts and ISMS according to BSI IT-Grundschutz 200-X and B3S
  • Data protection according to ISO/IEC 27701 (in conjunction with ISO/IEC 27001) & standard data protection model (SDM)

Continuity in case of emergency & crisis

Despite all precautions and measures, a residual risk remains. This is all the more true for areas with a high rate of innovation such as IT. Business continuity management systems (BCM) help commercial enterprises and government bodies to maintain or protect their business-critical processes and resources in the event of an emergency or crisis. Our experts can advise you on the development of an individual approach for your organization.

Building blocks of our consulting:

  • Business Continuity Management (BCM) according to ISO/IEC 22301
  • Business Impact Analyses (BIA)
  • Preventive (IT) emergency and crisis planning & reactive (IT) emergency and crisis management according to BSI IT-Grundschutz 200-4

Remote & on-site at your side

Despite all preventive measures, a successful hacker attack is only a matter of time. Companies are often rightly uncertain whether their IT systems have already been compromised. A Compromise Assessment by TÜVIT experts provides clarity. If your systems are clearly under attack, help is needed quickly. With our methodical knowledge, equipment and tools, our forensic specialists are quickly at your side to minimize business interruptions and put a stop to repeat attacks.

We provide rapid assistance in these areas:

  • Compromise Assessments
  • Digital Forensics & Incident Response (DFIR)
  • Post-Breach Assessment
  • SOC/CDC optimization



"Data protection is more than GDPR. Our data protection experts evaluate the legal requirements and implementation options for each use case and put you on the secure data protection side."

Antje Piel, TÜV NORD IT Secure Communications





As part of a knowledge group, we build sustainably on the competence of our employees. You can rely on that!


Transparency in the measures is the first step towards more IT security. This is how we advise and act ourselves.


As vendor-independent consultants, we maintain neutrality with respect to existing market solutions and advise customers on the implementation of custom-fit, secure solutions.