Professional consulting for ISMS

Fewer risks and greater control thanks to efficient management of information security

Book a demo

Contact Sales

White paper

Consulting for information security

What is an information security management system and why is it essential?

The world is evolving rapidly, the level of automation in IT is growing, companies are becoming increasingly connected, the working world is becoming more digital, attacks from the Internet are becoming increasingly common, especially in recent times. Standards today incorporate sustainably implemented and effective handling of internal and external data and information, which has to be protected against unauthorized access. This is the only way to prevent economic loss, while at the same time protecting the valuable information from threats such as manipulation and unauthorized access.

Information security is not restricted to digital data, networks, data carriers and computers. Rather, it deals with the entire network and computer security and data protection and is by no means limited to the digital form of the data.

Whether hacker attacks on servers, the unauthorized decryption of data, espionage and sabotage, vandalism or forces of nature, such as fire, storm or floods, each of these aspects needs a well thought out and fundamental concept.

A critical information security management system contains many elements. Guidelines and security concepts must be defined or updated. Risks must be continuously reassessed, measures defined and their implementation monitored. Audit plans must be created, prepared, implemented and followed up. Improvement potential should be continuously identified and realized.

The ISMS has to adequately protect the fundamental values of confidentiality, integrity and availability of information. This includes safeguarding information processing, in particular in relation to IT.

IT service management from USU
  • Confidentiality
    Information must be treated confidentially. Only authorized users are allowed to read, process, modify and access information.
  • Availability
    Information must not be lost and must be accessible to authorized persons. The availability of data enables stable and guaranteed access to information and prevents system failures.
  • IntegrityIntegrity means that information is not changed unnoticed. This can happen, for example, when hackers infiltrate systems and illegally manipulate the data, or if insufficiently tested software is rolled out, which then unintentionally changes the data.
ICD: IT service management from a single source


Your Consultant for Information security management

Complete relaunch of an ISMS? Specific ISMS optimization as part of the continuous improvement process? Preparation and implementation of audits? Optimization of risk management? Or planning and implementation of technical and organizational measures? We are always at your side as a competent partner with advice, but above all support. Simply handz.on.

  • Certified consultants and auditors
    We offer you new and unbiased perspectives of all topics relating to the security of your information.
  • All-embracing and practical
    We support and advise you on the practicalities of integrating a comprehensive information security management system into your everyday work.
  • Internal data protection audits
    We prepare internal and external audits with you and conduct them.

handz.on – Information security

The benefits of an effective ISMS for your company

  • Identify and prevent potential threats to the company’s information and data.
  • Retain customers and boost sales – by handling data and information securely, you create trust, thus strengthening cooperation in the long term.
  • Lower your costs with an effective system – implemented in a structured and sustainable way!
IT service management from USU

Current standards for information security – the most important information at a glance

Our certified consultants advise and support you in implementing and optimizing an efficient and manageable information security management system, which takes account of national (IT baseline protection (in German “IT-Grundschutz”) and international (ISO 27001) requirements. Alongside this, we develop architectures and solutions for you that allow you to achieve the protection goals for your information every day.

An information security management system is a formulation of roles, responsibilities, regulations and procedural guidelines aimed at structuring information security and permanently defining, managing, controlling and constantly improving it. The ISO 27001 international standard specifies the requirements for establishing, implementing, improving and maintaining the information security management system.

ISO 27001

  • Formulates the requirements for an information security management system.
  • Defines requirements for assessing and handling security risks.
  • Considers information security in the context of the organization and encourages management to include internal and external factors.
  • Takes account also of conformity with laws and regulations.
  • Defines specific management activities, such as assessing information security management based on definable KPIs.
  • Is intended for use by internal and external auditors to determine implementation.
Certified expertise in data protection management
handz.on: Certified IBM partner

IT baseline protection from the German Federal Office for Information Security (BSI)

  • Aims to achieve an appropriate level of protection for IT systems.
  • Recommends technical security measures as well as infrastructural, organizational and personnel protection measures.
  • Forgoes detailed risk analysis.
  • Instead, defines three protection requirement categories and assigns specific measures to them.
  • Can be combined with ISO 27001 (ISO 27001 based on IT baseline protection).

Consulting for information security

Our handz.on service – strategy, processes, solutions from a single source


Trust is the basis for good and long-term cooperation. Strengthen the trust of customers and partners in your company. With transparency and complete control of your information assets and data, you set a high standard and prove yourself to be a trustworthy partner.


Streamlined and at the same time effective information security processes can be easily implemented in day-to-day business and increase acceptance among your customers and partners. An effectively implemented information security management system will help you to reduce your costs and boost your sales.


We are experts in our field. Get professional consultancy and support from our trained and distinguished consultants. Our certified employees are always at your side as a competent partner with advice and support.

We support you in implementing your ISMS

Your contact

Sebastian Welke
Team Lead Information Security Management

Tel.: +49-89-7167767-0

1 Step 1
Privacy Notice

* Required field

FormCraft - WordPress form builder
Scroll to Top
Scroll to Top