Governance, Risks & Compliance

Organizational and legal IT-Security

Our GRC competence area bundles all activities at the intersection of IT-security-oriented Governance, Risk & Compliance (IT-GRC). Our specialists and lawyers support you in designing and creating guidelines. We also help you implement, optimize and operate IT risk management and, where necessary, comply with existing internal and external standards.

To achieve this, we focus on the technical design and effectiveness of GRC measures in the interplay of people, strategies, technologies and processes. It is important to our customers that GRC measures for appropriate IT security are technically and operationally effective and do not exist only on paper.

Our solutions include

  • Security Management (ISMS according to ISO/IEC 27001:2013)
    • Organizational gap analysis
    • Creation of security guidelines, processes and procedures
      • GDPR (DSGVO) compliant
    • ISMS implementation on organizational level according to ISO/IEC 27001:2013 as well as BSI-100 series (basic protection)
    • Security concepts / Controls
    • Technical Compliance according to ISO/IEC 27001:2013
  • Risk Management
    • Risk-assessment in consideration of results of security tests, business risk strategy and core business processes
    • Integration of IT-risk management into corporate risk management
  • GDPR (DSGVO) implementation
    • Privacy Assessments
    • Privacy Capability Assessment
    • Privacy Management
    • ISMS for Privacy Management
    • Privacy Implementation
    • Privacy Architecture Engineering
  • Process-Assessments
  • Development of KPIs for measuring and monitoring IT security
  • Acceptance of mandates
    • as company data protection officer (bDSB)
    • as safety officer (SiBe)
  • Introduction of emergency management based on the standards BS 25999 or BSI-100-4
  • Technical and legal expertise

Your contact person

Manfred Peine

Senior account manager
Tel. +49 2173 20363-0
Mail info-at-admeritia.de

Reference projects

  • ISMS structure
    • Area and transmission system operators
  • Data protection mandates
    • Various companies
  • Risk analysis
    • Various automation companies

Committee work

  • Mirror committee NA 043-01-27
    • DIN
  • ISO/IEC JTC 1/SC 27 (WG3 and WG4)
    • ISO
  • KITS Advisory board
    • KITS

Lectures

  • Practical report - Development of an ISMS at an area network operator
    • VDE Symposium
    • Sep 2016
  • Security Safety (SIS) requirements in accordance with the IEC 61511 standard
    • Safety & Security Forum
    • Jul 2016
  • Recommended implementation of a detailed risk assessment according to IEC 62443-2-1
    • VDI Automation
    • Jun 2015

Publications

  • Security Safety (SIS) requirements in accordance with the IEC 61511 standard
    • Automation 2016
    • Jun 2016
  • Recommended implementation of a detailed risk assessment according to IEC 62443-2-1
    • VDI Automation
    • Jun 2015
  • ISMS: Pure paperwork or technically effective?
    • EW
    • Apr 2015
