Information security is about more than technology: it is about processes, people and informed decisions about risk. I advise organisations that want to protect their data, systems and reputation.
Services
- Information security management systems (ISMS) — implementation and preparation for ISO/IEC 27001 certification.
- Risk assessments — identifying, evaluating and treating security risks, with prioritised action plans.
- Security policies and procedures — from the overall security policy to operational procedures: access control, backups, incident management.
- NIS2 and DORA compliance — assessing obligations and implementing measures for entities covered by the new European frameworks.
- Incident response — response plans, simulation exercises and support in handling real incidents, including the legal notification component.
- Awareness and training — security programmes for employees, from phishing to digital hygiene.
Security + data protection
The advantage of an integrated approach: security measures (Art. 32 GDPR) and compliance requirements are handled together, not in parallel. One risk analysis, one set of procedures, less effort for your team.
Get in touch for an initial assessment.