SERVICE

CISO & Team

We support you in setting up, operating and further developing an ISMS in accordance with ISO/IEC 27001 - with practical expertise and flexible support. It's up to you to decide whether you want permanent support or selective reinforcement.

Our Services include

Comprehensive support for your ISMS – practical, strategic, and tailored to your needs. From integration to certification, we’re by your side every step of the way.

Integration & Operations

Embedding security into your existing business processes, maintaining and updating ISMS documentation

Strategic Advisory

Supporting leadership and departments with risk assessments and action planning

Compliance & Audit

Reviewing legal and regulatory requirements, preparing for and supporting audits, and delivering executive-level reporting

Awareness & Training

Targeted training, campaigns, and guides to strengthen your organization’s security culture

Risk Management

Structured identification and treatment of risks, implementation of a risk management framework, and incident response planning

Transparency & Reporting

Establishing communication processes and delivering regular status reports to all stakeholders

Certification Support

Guidance throughout the entire certification journey – from preparation to post-audit follow-up

Our Approach Is Driven by Clear Principles

Everything we do is guided by clear principles – to deliver effective, sustainable solutions that are consistently aligned with your business value:

Risk-Based Governance

Decisions and priorities are consistently aligned with the actual risks facing your organization.

Efficiency & Scalability

No over-engineering – all processes and solutions are resource-efficient and designed to scale as needed.

Practical Implementation

We focus on actionable measures that can be integrated into day-to-day operations.

Close Collaboration with Business & Leadership

Security measures are developed in close dialogue with stakeholders – never in isolation.

Continuous Improvement & Business Value

Every activity is geared toward measurable progress, long-term impact, and strategic value creation.

Reaching the Goal in Two Phases

Our approach follows a clear, two-phase model – giving you full visibility into where your organization stands in the ISMS process at any time. Each phase is designed with a focus on efficiency, transparency, and long-term impact.

01.

Design & Implementation of the ISMS

During the design and implementation phase, the ISMS team handles key tasks such as project initiation, current-state analysis, scope definition, risk assessment, ISMS documentation setup, awareness-building, rollout of measures, and audit preparation – with an estimated total effort of around 480 hours.
Task (estimated effort)

General (40 h): Initialization, project planning, regular check-ins
Current-State Analysis & Requirements Gathering (32 h): Assessment of the current information security status; identification of existing processes, systems, and risks
Definition of ISMS Scope (20 h): Defining the organizational, system-related, and process areas covered by the ISMS
Establishment of Governance & Communication Structures (24 h): Appointment of an Information Security Officer; setup of the security organization with roles and responsibilities
Risk Assessment & Risk Treatment (40 h): Execution of initial risk analyses, definition of controls, and setup of a risk management process
Creation of ISMS Documentation (80 h): Development of policies, procedures, and guidelines in accordance with ISO/IEC 27001 or equivalent standards
Training & Awareness (24 h): Introductory training for employees and leadership to promote security awareness
Rollout of Security Measures (180 h): Planned and managed implementation of security controls across the relevant business areas, including change management and internal communication
Preparation for Certification or Audit (40 h): Support with internal audits or pre-certification assessments to ensure ISMS readiness

Total: 480 h
Note
The timeframes and effort estimates given here and in the following section are intended as general guidance. Actual values may vary depending on the size of the organization, the complexity of the IT landscape, existing structures, and the desired project depth.
02.

Daily Operational ISMS Management

In this phase, we act as your internal CISO and team – taking responsibility for the continuous management, maintenance, and advancement of the ISMS. This includes regular planning, documentation, training, audit support, handling of security incidents, and implementation of improvement measures.
The expected annual effort for this phase is approximately 250 hours.
Task (estimated effort)

General Tasks* (200 h)
Ongoing Planning & Coordination:
  • Coordination and prioritization of ISMS activities
  • Organizing regular alignment meetings (e.g. check-ins)
Reporting & Management Review:
  • Preparing regular security reports
  • Planning and conducting management reviews
Risk Evaluation:
  • Regular review of existing risk assessments
  • Updates based on changing conditions
ISMS Documentation Maintenance:
  • Continuous updates and expansion of policies, procedures, and documentation based on new requirements
Audit:
  • Planning and execution of internal audits
  • Support during external audits
Awareness & Training:
  • Annual refresher training for existing staff to strengthen security awareness

Ad-hoc Activities (50+ h)
Incident Management:
  • Coordination and resolution of security incidents; vulnerability management
  • Documentation and implementation of lessons learned
Audit Support:
  • Internal audit planning and execution
  • Support during external audits
  • Follow-up and implementation of corrective actions
Continuous Improvement:
  • Identification of new legal and normative requirements
  • Ongoing identification of optimization potential
  • Integration of improvements into the ISMS
Onboarding Training:
  • Training sessions for new employees

Total: 250 h per year

*) The effort for general tasks is explicitly approved upon commissioning. Deviations of up to +20% from the initially estimated workload are considered pre-approved and do not require separate authorization; these additional hours are billed as ad-hoc services.

Service & Pricing Overview

During the setup phase, the ISMS is systematically introduced across the organization, laying the foundation for effective information security. The following estimates serve as a guideline and may vary depending on specific requirements, project extensions, or organizational changes.

Service / Price (excl. VAT)

ISMS Design & Implementation: subscription fee of €8,997 / month
  • Minimum term of six months; includes up to 80 support hours per month at a discounted introductory rate, provided by a dedicated ISMS team.
  • Duration: 3–5 months

Ongoing ISMS Management: subscription fee of €2,497 / month
  • Minimum term of twelve months; includes up to 20 support hours per month, provided by a dedicated ISMS team.

Ad-hoc Services: billed only as incurred
  • Additional expert days (e.g. workshops, deep dives, special projects)

Notes
  • With a monthly flat rate, you have a dedicated ISMS team that continuously supports your processes, keeps requirements up to date, and implements new demands, all without additional time tracking or extra billing items.
  • Our daily rate model offers maximum flexibility for short-term or one-off projects. You can book additional expert days as needed, for example for in-depth security assessments, extra workshops, or special task force operations. Upgrades to other service packages are possible at any time. This ensures full cost transparency while giving you the flexibility to respond quickly to new challenges.
Ready to take the next step?
Book a free strategy session with us – no obligation, no pressure.
Contact Us