Information security management system

Protect your information
Information security management system

Information security management is a must for every company

Information security management is in demand wherever the work of a wide range of participants is intertwined. Be it in networked value and supply chains or in digital information management in the cloud. With the help of processes and guidelines, a company permanently manages and controls its own information security. Possible security risks become transparent and thus controllable. The IT and data protection experts at dhpg will be happy to advise you when it comes to developing, introducing or optimising the right information security management for you. ISO 27001 certification can follow seamlessly, but is not mandatory for every industry. Feel free to contact us.

What you can expect from us

Why dhpg?

Information security management without bureaucratic hurdles

Together with you, we develop an information security management system for your organisation. A solution that gives you the security of being well positioned, having arranged everything that is necessary, but still does not create any bureaucratic hurdles. With dhpg at your side, you will have absolute transparency at every point of the process and can rely on timely and on-budget implementation.


Many years of experience

We have many years of extensive project experience in setting up information security management systems. With our best-practice approaches, methods and experience, we build on the processes and structures already in place in your company.


Certifiable at any time

You would like to keep "the door to certification" open? Or are you obliged to be certified due to your performance? No problem. We design the processes of an information security management system so that you can start certification at any time


Safety guaranteed

As part of an audit, legal and tax consultancy, IT information security is part of our DNA. With dhpg at your side, you can be sure to meet legal requirements and compliance at all times.

Your contact for questions about information security management?

Would you like a personal consultation? We would be happy to arrange a non-binding appointment with you to get to know us. We look forward to your call or e-mail and to meeting you.

To the contact persons


What is an information security management system?

An information security management system aims to identify and analyse an organisation's IT risks and make them controllable through appropriate measures. There are various approaches via ISO/IEC 27001 or BSI Grundschutz - dhpg will be happy to advise you on both. Be it in the analysis of the current situation, the conception of the information security management system suitable for you and its documentation, or on the way to a possible certification. We are happy to support you beyond the introduction of information security management, for example when it comes to its further development or revision. As part of an audit, tax and legal consultancy, we always keep an eye on all associated compliance and governance requirements.

Why do you need an information security management system?

The pandemic has clearly shown how ramified our supply and service relationships are today. Data is exchanged digitally using a wide variety of players and systems. Against this background, it is important for a company to be aware of its own IT infrastructure, IT applications and processes. This is to avoid the risk of IT systems failing or being damaged, or of data protection requirements not being met. An information security management system makes all this transparent. The company is put in a position to strengthen its own infrastructure and avert possible damage to the organisation.

Why does a company need an information security management system? Our company already has a data protection officer.

The information security management of a company determines:

  • which technical and organisational IT security measures are necessary for information security
  • how they can be implemented and
  • how those responsible control and monitor their success.

The data protection officer in the company ensures that the requirements of the GDPR are complied with and thus that personal data are specially protected. Information security management does not give personal data a special position in principle. Information security management and data protection should work closely together, as the two topics are closely linked and should not act in isolation from each other.

How can dhpg support me in security management beyond an ISMS?

dhpg operates a Security Operations Centre with the TÜV TRUST IT group of companies TÜV AUSTRIA. The SOC as a Service monitors the client's IT systems for possible cyber attacks and protects them against possible production downtimes, data loss, image damage, etc. and the associated financial risks. A combination of automatic detection and the use of expert knowledge ensures the fastest possible detection of various attack scenarios. If an active threat to a company's infrastructure is detected, the measures contractually agreed with the customer come into effect immediately.

The connection to a Cyber Security Operations Centre is a sensible component of a functioning information security management system. Statistics show that malicious codes are in the company for more than half a year before they are discovered. A SOCaaS can support you in detecting attackers who have already bypassed the firewall and virus scanner earlier and avert damage.
For more info, visit

Information security management system according to ISO 27001

An information security management system defines the technical and organisational IT security measures of a company. It regulates procedures and processes for implementing and controlling information security in the company. dhpg offers companies the development, introduction and optimisation of an information security management system according to the specifications of ISO 27001 and those of the BSI basic protection. We would be happy to accompany you on the way to certification if you wish to do so or are obliged to do so due to your industry affiliation.


Get in touch with us

Mail Contact form Telefon +49 228 81000 0
By uploading the YouTube video, you consent to cookies being set by YouTube and Google and to data being transferred to these providers. We process the data in order to be able to analyse access to our YouTube videos or to evaluate the effectiveness of our advertising and ads. YouTube and Google also process the data for their own purposes. In addition, you also agree that your data may be transferred to the USA, although there is a risk in the USA that the US authorities may gain access to your data for surveillance purposes and that you may not have adequate legal protection against such. You will find further information in our Data Protection Policy.
Load YouTube Video