Governance consulting

IT governance is the anchor and basis of your security architecture and measures. It is an important component of corporate management and, with normative IT security, it creates the prerequisites and a regulatory framework for IT to perfectly support the company’s goals.

NIS2 and the IT-Sicherheitsgesetz 2.0 in particular require suitable technical and organisational IT security measures. You can see here whether your company is affected.

We help you to answer the question of what IT can and must contribute toward the success of the company.

  • Risk management

    ISMS, BSI IT Grundschutz, NIST

  • Compliance

    ISO 27001, KRITIS, PCI, MaRisk, BAIT, VAIT

  • Data protection & privacy

    General Data Protection Regulation (EU) (GDPR), Europäische Datenschutz-Grundverordnung DSGVO

NIS2 checklist and solutions

  • Risk Analysis

    NIS2 requires the implementation of risk analysis and security concepts for all information systems.

    Risk Assessment
  • Security Concept and Emergency Management

    An ISMS guarantees the documentation and success monitoring of the required security guidelines.

  • Risk Management and Reporting Obligations

    Evaluate the effectiveness of the measures implemented and fulfil your reporting obligations when managing vulnerabilities.

    Vulnerability Management Managed SOC
  • Awareness Training

    Sensitise employees to the topic of cyber security with suitable practical training.

    Awareness Training
  • Security Technology

    State-of-the-art IT security tools enable reliable and forward-looking automation of the incident process.

    IT Security Solutions Vulnerability Management
  • Ensuring Security Standards

    The "systems for continuous attack detection" should be operated in such a way that they are always up to date and include current cyber threats.

    Managed Security Services

Risk management

No room for compromises

As IT systems are becoming more and more complicated and are generally prone to error or contain errors by design, this results in numerous threat scenarios with high risks for all companies.

Risk assessments play a fundamental role in meeting the relevant requirements by law or by your company’s specific industry. We assist you with risk management in accordance with ISO 31000:2018 in operating functional and streamlined risk management, or we perform it on your behalf.


Effective security expertise

Legal requirements change on a regular basis. Harmonizing profitability, modern data backups and IT security is hard to achieve? This is one of the most common misconceptions. The basic requirements for confidentiality, availability and integrity have always remained. But the technologies and the processes change.

Together with our certified consultants, we help you to keep on top of the various requirements like BAIT, VAIT, KRITIS, B3S and ISO 27001, and assist with the introduction of new technologies, including the adaptation of business processes.

Data protection

Legal and data security for your company

Countless provisions and directives relevant to data protection come from the German Federal Data Protection Act (BDSG) and the EU-GDPR (EU General Data Protection Regulation). Legislators threaten those that do not comply with these provisions with severe fines.  However, a data protection concept which leads to specific data protection measures offers initial relief and prevents the worst from happening. We help you produce tailor-made data protection concepts and construct a DSMS, or we create the concepts for you completely as your data protection officer.

Our consultants are fully up to speed with the BDSG and EU-GDPR from years of experience and TÜV certifications. Our experts swiftly develop a concept to protect your data or provide advice on changes in your company. As an external data protection partner, we reduce your risk.

Allianz_Teilnehmer BSI

Your contact

Joscha Sternadel, Portfoliomanager bei Consist

Joscha Sternadel

Portfolio Manager

phone: +49 431 3993-775

mobile: +49 162 2130358