Modular process model for information security consulting

We have devided our process model into modular phases. Each phase builds on the previous one, but support in individual phases is also possible.

Phase 1   Gap analysis

In the first step, it makes sense to carry out a gap analysis - the neutral analysis of the current situaion in your company - in a joint workshop. On the basis of document review and interviews, you will find out where you stand and which tasks still need to be performed to achieve your goals. Our consultants will then derive the necessary improvements and evaluate the implementation effort.

A gap analysis can also be the results of a pre-audit on information security or a TISAX® assessment with corresponding findings.

Phase 2   Implementation

The content and scope of the implementation phase are defined based on the results of Phase 1 and your objectives. We will work with you to develop a catalog of measures to support you in preparing to achieve your goals. 

Then it is time to implement the defined measures. These services are offered by OS, but can also be provided by your company, at least in part. The exact division of tasks will be determined at the beginning of this phase.

Phase 3   Support

Our consultants prepare your company optimally for the certification audit or TISAX® assessment, using proven audit checklists. Before and after certification or assessment, our consultants are available to provide immediate support if your employees need assistance or if additional improvement measures are identified.

We assist your company right up to certification maturity.

Phase 4   Further assistance

If necessary, OS' specialist consultants can temporarily carry out activites and processes on your behalf, even if these are the obligations of the client:

  • Externally appointed information security officer
  • External support for internal audits or reviews

TISAX® is a registered trademark of the ENX Association.