SERVICE

CISO & Team

We support you in setting up, operating and developing an ISMS in accordance with ISO/IEC 27001, with practical expertise and flexible support. You decide whether we relieve your workload permanently or reinforce your team selectively.

Our services include

Holistic support for your ISMS — practical, strategic and individual. From integration to certification.

Integration & operation

Integration into existing business processes, maintenance and update of ISMS documentation

Strategy consulting

Support for management and departments in risk assessment and action planning

Compliance & Audit

Review of legal and regulatory requirements, audit preparation & support, management reporting

Awareness & training

Target group-specific training, campaigns and guidelines to strengthen the security culture

Risk management

Structured risk recording & treatment, development of a risk management system, incident management including response plans

Transparency & reporting

Establishment of communication processes, regular status reports for all stakeholders

Certification support

Support throughout the certification process — from preparation to aftercare

Our approach: clear principles

Our work is based on clear principles — for effective, sustainable solutions that are consistently geared to business benefits:

Risk-based governance

Decisions and priorities are consistently based on the actual risk for the organization.

Efficiency and scalability

No over-engineering — processes and solutions are designed to conserve resources and can be expanded flexibly.

Practical implementation

The focus is on feasible measures that can be integrated into everyday operational life.

Close coordination with departments and management

Security measures are not developed in isolation, but in dialogue with stakeholders.

Continuous improvement and added value

All activities are aimed at measurable progress, long-term effectiveness and strategic added value.

Reaching the goal in two phases

Our approach follows a clear, two-stage model. In this way, you always have an overview and know exactly where your company stands in the ISMS process. Efficiency, transparency and sustainability are at the heart of every phase.

01.

Design and setup of the ISMS

In the design and implementation phase, the ISMS team performs central tasks such as project initialization, as-is analysis, scope definition, risk assessment, development of ISMS documentation, awareness raising, rollout of measures and preparation for audits — with a total effort of around 480 hours.

| Task | Estimated effort | Description |
| --- | --- | --- |
| In general | 40 hours | Initialization, project planning, jour fixe |
| Current situation analysis and assessment of requirements | 32 hours | Survey of the current state of information security, identification of existing processes, systems and risks. |
| Defining the ISMS scope | 20 hours | Defining the organizational, systemic and procedural areas covered by the ISMS. |
| Establishment of control and communication structures | 24 hours | Appointment of an information security officer (ISB), structure of the security organization with duties and responsibilities. |
| Risk assessment and risk treatment | 40 hours | Implementation of initial risk analyses, definition of protective measures for risk treatment and development of a risk management process. |
| Preparation of ISMS documentation | 80 hours | Development of policies, procedures, processes and guidelines in accordance with the requirements of ISO/IEC 27001 or comparable standards |
| Training and awareness-raising | 24 hours | Introductory training for employees and managers to promote security awareness |
| Rollout of security measures | 180 hours | Planned and controlled rollout of defined protective measures and requirements in the relevant areas of the company, accompanied by change management and internal communication. |
| Preparation for certification or audit processes | 40 hours | Assistance with internal audits or external pre-audits to make the ISMS ready for certification |
| Total | 480 h | |

Note: The time frames and expenses specified in the following sections serve as a guide. They can vary depending on the size of the company, the complexity of the IT landscape, existing structures and the desired project depth.

02.

Control of ISMS in daily business

In this phase, as an internal CISO and team, we are responsible for the continuous management, maintenance and development of the ISMS. This includes, for example, regular planning, documentation, training and audit support, as well as the situational treatment of security incidents and the implementation of improvement measures — with an expected annual effort of around 250 hours.

Task: General tasks*
Estimated effort: 200 hours

Continuous planning & management:
  • Coordinating and prioritizing ISMS activities
  • Organization of regular coordination meetings (e.g. jour fixe)
Reporting & Management Review:
  • Preparation of regular reports on the security situation
  • Preparation and implementation of management reviews.
Evaluation of risk assessment:
  • Regular review of existing risk analyses
  • Update when conditions change.
Maintenance & update of ISMS documentation:
  • Continuous updating and expansion of policies, procedures and documentation in line with new requirements.
Audit:
  • Planning and execution of internal audits
  • Support for external audits
Awareness and training:
  • Annual refresher training for existing employees to strengthen security awareness

Task: Situational services
Estimated effort: 50+ h

Incident Management:
  • Coordination and processing of security incidents; vulnerability management.
  • Documentation and implementation of “Lessons-Learned”
Support for external audits:
  • Planning and execution of internal audits
  • Support with external audits
  • Follow-up and implementation of corrective measures.
Continuous improvement:
  • Identification of new legal and normative requirements
  • Continuous identification of optimization potential
  • Integration of improvement measures in the ISMS
Onboarding training:
  • Training for new hires

Total: 480 h

*) The effort for general tasks is expressly approved when the engagement is commissioned. Deviations of up to +20% from the initially estimated effort are considered part of the commission, do not require separate approval, and are billed as ad hoc services.

Service and price overview

In the start-up phase, the ISMS is introduced in the company in a structured manner and the foundations for effective information security are laid. The following estimates are indicative and may vary depending on specific requirements, project expansions, or organizational changes.

Service: Design and structure of the ISMS
Price (plus VAT): monthly subscription package, 8.997€/month
  • The contract runs for at least six months and includes up to 80 hours of support per month from a dedicated ISMS team at a discounted starting price.
  • Duration e.g. 3 - 5 months

Service: Managing the ISMS in day-to-day business
Price (plus VAT): monthly subscription package, 2.497€/month
  • The contract has a minimum term of twelve months and comprises up to 20 hours of supervision per month by a dedicated ISMS team.
  • Minimum remaining period: 12 months

Service: Ad hoc services
Price (plus VAT): only what actually occurs is charged
  • Additional expert days (e.g. workshops, deep dives, special projects)

Notes
  • With a monthly flat rate, you get a dedicated ISMS team that continuously supervises your processes, adapts requirements and implements new requirements — without any additional time recording or expenditure items.
  • Our daily rate model offers maximum flexibility for short-term or one-off projects. If necessary, you can book additional expert days, for example for more in-depth security assessments, additional workshops or special task force assignments. Optionally, you can add one of the other offers at any time. This gives you full cost transparency and at the same time allows you to react quickly to new requirements.