Information Security Officer (ISO) for SMC

Icon Information Security, © NESEC GmbH

"Information security is complex, time-consuming and expensive. Qualified employees are also hard to come by due to the shortage of skilled workers. Information security can therefore only be afforded by large companies." We hear these statements again and again when we talk to smaller companies about information security. And yes, much of it is true. But it doesn't have to stay that way.

Your organization probably doesn't need a full-time employee dedicated solely to information security. However, you do need the expertise to properly assess risks and make the right decisions. Basically, just like in data protection, where you trust your external data protection officer. And this is where we come in.

Your External Information Security Officer

We support you and your organization as an external information security officer.

What does this mean in detail?

  • We provide you with adapted and suitable guidelines and procedures for information security, which are also required for data protection in the form of technical and organizational measures (TOM). Of course, we also work with text modules and ready-made guidelines to keep the effort to a minimum, but we always adapt them to your specific company and your specific requirements. You don't just receive a PDF to print out.
  • We create a customized usage policy for your employees that takes into account all requirements, e.g. on data protection, the use of mobile devices, working from mobile workstations, etc. Of course, we coordinate the policy with your data protection officer and, if necessary, with your employee representatives and inform and sensitize your employees.
  • We verify the security of your IT systems and find solutions with your system administrators or IT service providers if security problems or risks exist.
  • We confirm the information security goals you have achieved and answer questionnaires from customers and insurance companies on information security.
  • We advise you on strategic decisions, e.g. on the cloud, and on all aspects of information security.
  • We advise you on funding opportunities for digitalization and information security.

We are familiar with the challenges faced by small and medium-sized companies and take these and your specific requirements into account.

Our Service

We provide you with long-term support in all aspects of information security. We work closely with your system administrator, your IT service provider and your data protection officer and pay particular attention to the requirements of small and medium-sized companies.