
Compliance

What are your expectations for compliance management and its systems?
To be truly effective, they must be tailored to your specific reality. When compliance adds value and a living ISMS serves as a practical guide rather than a rigid framework, then everything has been done right.

Certifiability

Either your marketing or sales team aims to attract customers with an ISO/IEC 27001:2022 certification, or your supply chain—through a client—requires you to comply with TISAX. Perhaps your main concern is meeting the deadline for DORA. More often than not, deadlines have already passed or are alarmingly close. Implementing an ISMS, regardless of the framework, typically takes around 1.5 years to become fully operational. Off-the-shelf ISMS solutions exist—but they don’t work. And because they don’t work, certification is out of reach. Even if achieved, it offers no real protection.

If the certification itself is your sole driver, the process will be painful—for everyone involved. Certification should not be the ultimate goal but rather the natural outcome of a meaningful approach. However, the desire for certification can serve as a valuable starting point for engaging with the topic. Our expertise—and our strength—is in helping you move closer to your certification goal while instilling purpose in your compliance efforts, making it something your employees can actively support and embrace.

Audits: NIS2, DORA and more

Since October 2024, NIS2 has become a legal reality within the EU and, under certain conditions, can be enforced even without national legislation. First and foremost, stop wondering whether your industry is affected—companies outside the designated sectors may still be impacted as part of the supply chain. At the same time, you might be surprised at how little is actually required to achieve compliance.

Your overall compliance posture will likely be scrutinized beyond the minimum regulatory requirements—by insurers, certification bodies, and clients alike. The real challenge is not just meeting the basic standards but positioning yourself effectively, given the limited resources available. Following the Pareto principle, the most valuable audits are those that align with real-world conditions. They help you avoid complications, retain customers, obtain certifications, and more. Additionally, proactively addressing legal liability risks is an integral part of the process.

You benefit from an expert, external perspective to position your organization optimally.

© 2025 SC&E Advisory