Modular process model for information security consulting
We have devided our process model into modular phases. Each phase builds on the previous one, but support in individual phases is also possible.
Phase 1 Gap analysis
In the first step, it makes sense to carry out a gap analysis - the neutral analysis of the current situaion in your company - in a joint workshop. On the basis of document review and interviews, you will find out where you stand and which tasks still need to be performed to achieve your goals. Our consultants will then derive the necessary improvements and evaluate the implementation effort.
A gap analysis can also be the results of a pre-audit on information security or a TISAX® assessment with corresponding findings.
Phase 2 Implementation
The content and scope of the implementation phase are defined based on the results of Phase 1 and your objectives. We will work with you to develop a catalog of measures to support you in preparing to achieve your goals.
Then it is time to implement the defined measures. These services are offered by OS, but can also be provided by your company, at least in part. The exact division of tasks will be determined at the beginning of this phase.
Phase 3 Support
Our consultants prepare your company optimally for the certification audit or TISAX® assessment, using proven audit checklists. Before and after certification or assessment, our consultants are available to provide immediate support if your employees need assistance or if additional improvement measures are identified.
We assist your company right up to certification maturity.
Phase 4 Further assistance
If necessary, OS' specialist consultants can temporarily carry out activites and processes on your behalf, even if these are the obligations of the client:
- Externally appointed information security officer
- External support for internal audits or reviews
TISAX® is a registered trademark of the ENX Association.