Smart ISMS tool for automated compliance

Manual chaos in Excel & Word? Or keep it simple with the right information security tool that suits your needs.


Tailored coaching for 100% audit success

Professionally guided by an expert team, identify gaps in your ISMS and pass your ISO 27001 audit at the first attempt.


Achieve your ISO goals 3 times faster at half the price

A clear roadmap, precisely tailored to your company, shows the path to your ISO 27001 certification without distractions.


Compliance according to the ISO Gold standard

Achieve the highest level of security and real-time compliance. Win new customers and master NIS-2 automatically.

Our clients:
ISO 27001-certified within 6 months through automation, consulting and audit coaching:
O&F

100% audit success 3 times faster

Especially for start-ups, scale-ups and SMBs that rely on cloud technologies:

From IT. For IT.

We know exactly how tech and IT companies tick. That's why our ISO coaching is tailored precisely to the needs of tech and IT companies.

Your result within 6 months of our cooperation:

  • Perfectly prepared for the audit thanks to expert advice, tried-and-tested templates and a smart ISMS tool.
  • Certified real-time compliance in accordance with the ISO 27001 Gold Standard. NIS-2 compliant, of course.
  • Access to larger customers and faster sales processes.
Results we have achieved for others with Compliance-as-a-Service

Jan Seidler, CIO Screening Eagle Technologies

Screening Eagle Technologies is a technology platform that uses predictive maintenance to extend the service life of buildings. 

Results:

I was impressed by the professionalism and expertise that PCG demonstrated during the audit preparation. At every point in the process, we felt supported and well taken care of.

After a quick and pragmatic identification and remediation of vulnerabilities in the company, it only took about 4 months until we successfully passed the ISO 27001 audit.


Matthias Kalugin, CISO - IVU Traffic Technologies AG

IVU is one of the world's leading providers of IT solutions for public transport and helps buses and trains to organise mobility more efficiently.

Results:

"Working with PCG has greatly helped us to respond quickly and effectively to our customers' ISO 27001 and SOC2 requirements. With PCG's consulting, we were able to close gaps in our own knowledge and thus effectively meet our customer's requirements with their support. The project management and the level of commitment were always focused and highly competent.

We can recommend PCG at any time and without reservation for their extensive coverage of industry knowledge and know-how. Many thanks."


Christoph Peitz, CEO, Scout24 Group / Sprengnetter

Scout24 is a leading digital company in Germany. It runs ImmoScout24, the number one online platform for residential and commercial property in Germany.

Results:

At first sight, a certification process is always a spectre. But the truth is: it's easier than you think and you will end up with better and more efficient structures. PCG's support with our ISO 27001 certification was an absolute benefit!

More results with Compliance-as-a-Service


Fabian from PCG guided us very competently and successfully through our 27001 certification process and was always extremely committed. We appreciate the cooperative and efficient way of working, as well as his high level of empathy and commitment.

Alexander Benoit

CEO - dinext pi-sec GmbH

Our customers are impressed that we are ISO 27001 certified as a small company. The ISO certification emphasises our commitment to IT security and processes. PCG as a partner in the certification process helped us to implement the project in a structured way and managed to prepare us for the audit in record time with extremely fast response times.

Matthias Falter

Head of Technology & CISO - choin! GmbH

I was really impressed by the way in which PCG showed professionalism and in-depth technical expertise in preparing for the audit. At every stage of the process we felt supported and empowered, and thus, we felt well prepared for the external ISO 27001 audit.

Benedikt Reinke

Co-Founder & Managing Director Operations - Sympatient

"Our experience with PCG has been immensely positive. The structured approach has streamlined our process, making it easier to manage KPIs, risk management, and prepare for audits. The support in formalizing our security policies and procedures has been particularly valuable, allowing our leadership team to refine our strategies effectively. PCG's flexibility and commitment to accommodating our schedule and preferences have solidified our trust and satisfaction in their service."

Thomas Radosh

Founder and CTO at Deployflow.

The 9 steps to ISO 27001 certification:

GAP Analysis and Strategy Meeting:

We start with a security workshop. The aim is to analyse and evaluate your current processes. This forms the basis for our strategy discussion, in which you will receive a customised roadmap to your tailored ISO 27001 certification with Compliance-as-a-Service.

Software- and Tool-Integration:

You've decided to work with us? Great! Once the bureaucracy is done, we'll implement the ISMS software in your company and set up the technical functionality.

Kickoff-Workshop:

We continue our journey together in an intensive workshop. This ensures that we implement your certification project on a customised basis and that all parties - from our experts to your project team and key stakeholders - are optimally involved in the process.

Regular Jour Fixe:

We meet once a week in order to maintain a healthy project dynamic over the entire period of our collaboration. This is a good way to assess the progress of your project and work together on any challenges that may occur.

Ongoing support from ISO lead implementers:

Our certified ISO lead implementers will support you throughout the entire process. They will help you with all technical, organisational and procedural tasks - both practically and in an advisory capacity.

Internal Audit:

A comprehensive internal audit will optimally prepare you for the external certification. This is the opportunity to identify and eliminate any security gaps. After the internal audit, we guarantee a 100% success rate for your external audit.

External Audit-Briefing:

Before things get serious, you will receive a customised expert briefing for everyone involved - from office staff to IT and management. This enables us to ensure that the external audit will run smoothly.

Audit-Helpline:

For the external audit, you can also rely on our professional support. Our experts are available on call and provide support for urgent questions.

Managed Service:

As soon as you have achieved your ISO goals, our Managed Service is available to you. It is designed to ensure the ongoing maintenance and improvement of your ISMS. It also guarantees that your processes can be quickly adapted to new security and legal changes.


My guarantee: 100% audit success.

The first time I encountered the compliance topic was over 10 years ago. I quickly asked myself questions like:

Why are there so few hands-on solutions?
And why do consultants regularly fail?

The same is also true for tools.

I'm talking about those solutions ‘from the past’ that increase rather than reduce workloads. Are these all pitfalls for certification audits? (you are welcome to form your own opinion 😉)

Well, anyways:

I was able to gain valuable experience in organisations ranging from start-ups to international corporations. That was the starting point from which our Compliance-as-a-Service was formed.

At the very centre: the customer.

We support SaaS, Tech start-ups and SMEs in a pragmatic, perfectly tailored and risk-based manner. This enables you to achieve your ISO goals safely and quickly.

Plus: As an ISO 27001 certified company you'll automatically fulfil all NIS-2 requirements.

Clear instructions, simple tooling, customised audit briefings and expert support guarantee 100% audit success.

Join my 35,000 followers on LinkedIn, where I regularly post about news & trends in security and compliance.

Are you in?

I look forward to hearing from you 😊

Yours, Fabian

Let's work together.

Fabian Weber
CISO, Lead Auditor & Head of GRC


Oliver Gehrmann
Business Lead Security & Compliance

Frequently asked questions about Compliance-as-a-Service:

What can I expect from the free initial consultation?

In the free and non-binding initial consultation (approx. 20 minutes), we determine your individual situation, answer your questions and discuss the ISO 27001 certification process with PCG.

You will receive all the information you need to decide whether it makes sense to take the next step. If we both feel that we are a good fit, we will arrange an appointment for a free 45-minute strategy and demo session.

From this non-binding meeting, you will take away the Compliance-as-a-Service strategy to prepare your organisation for ISO 27001 certification in 3 to 6 months with a 100% success guarantee.

When should I book a consultation, and when shouldn't I?

Our focus is on tech and software companies that already rely on cloud technology. These can be start-ups, scale-ups or even SMEs.

Do you want to achieve your ISO 27001 certification within 6 months, be (at least) one step ahead of the competition, win new, larger customers and accelerate your sales processes?

Then we are the right partner for you!

Our experts will prepare you for your audit with tailored coaching. 100% success rate guaranteed!

Why don't you put prices on your website?

ISO 27001 certification is a customised project that requires different levels of effort depending on the complexity of the processes, number of employees, IT infrastructure, physical locations and services and products offered.

We therefore conduct a so-called ‘GAP assessment workshop’ with each customer before the actual project starts. Together, we analyse your company's situation, internal and external expenses and develop an implementation strategy.

What exactly does the collaboration with you look like?

Our service delivery covers 7 steps:

1. Gap Assessment: we carry out an extensive analysis of your current security protocols. We identify gaps and create a detailed maturity report. This report serves as the basis for our action plan and ensures a clear path to your ISO certification.

2. Software and Tool Integration: We integrate our ISMS tool for compliance management into your systems and ensure technical readiness.

3. Regular Jour Fixe Meetings: We meet weekly for a well-structured analysis of project dynamics. Thus, we evaluate the progress and address challenges as they arise.

4. Expert Support: A team of experts supports you throughout the entire implementation process and offers practical support for all technical, organisational and process-related topics.

5. Internal Audit: A comprehensive internal audit optimally prepares you for the external certification. Using our specialised toolkit, we evaluate the effectiveness of your security mechanisms, identify any gaps and eliminate them. This guarantees a 100% success rate in the external audit!

6. External Audit Briefing: With our support, your entire team is perfectly prepared for the external audit. We provide support throughout the entire process and ensure that you will pass the audit at the first attempt. This includes customised expert briefings for everyone involved, from office staff to the IT department and management, and ensures that the external audit runs smoothly.

7. Final External Audit: During the external audit, you can rely on our standby service. Our experts respond immediately and are on hand to answer any urgent questions that may occur.


What is ISO 27001 and what is an ISMS?

ISO 27001 is a certifiable international standard for the operation of an information security management system (ISMS).

The ISMS enables a systematic approach to the management of information security risks according to the objectives of the company management.

How long does it take to achieve ISO 27001 certification?

The time it takes depends on factors such as the size of the company, the complexity, the existing security management processes and the company's experience with management system standards.

Very well-prepared projects can usually achieve ISO in 2 to 3 months. Normally, a timeframe of up to 6 months is realistic. Some companies with complex structures need 12 to 18 months to achieve ISO certification.

What costs are linked to ISO 27001 certification?

The costs include internal expenses (e.g. costs for implementation and ongoing operation), consultancy costs for preparation and external certification costs.

The total costs depend on the scope of the ISMS, the assessment of security risks, the resources and the project plan. The maintenance costs also include mandatory penetration tests and annual internal ISMS audits.

What do external ISO 27001 consultants do?

Our consultants will support you with:
  • defining the scope of application
  • designing and implementing the ISMS
  • the creation of guidelines and procedures
  • carrying out risk assessments
  • drawing up the declaration of applicability
  • monitoring employee training
  • carrying out security analyses to identify gaps in the system
  • internal audits

Does ISO 27001 cover NIS2 and GDPR?

ISO 27001 is largely in line with the requirements set out in the NIS2 directive. However, while it forms an essential basis for compliance with the NIS2 directive, full compliance with the NIS2 directive requires additional steps beyond ISO 27001 certification. This is due to the broader scope of NIS2 and the more stringent enforcement measures.

For the GDPR, ISO 27001 is an important factor in addressing security risks related to personal data.
To further strengthen GDPR compliance, it is advisable to supplement ISO 27001 with ISO 27701, which focuses more explicitly on privacy and data protection requirements.

How can one check whether a company is ISO 27001 certified?

Certified companies have a certificate issued by an accredited certification body. It is nevertheless important to check the following elements:
  • the version of the certificate
  • the expiry date
  • the certified company or group member
  • the locations covered
  • the scope of the certification
  • the accreditation body

In addition, a copy of the declaration of applicability can be requested.

Are there competitive advantages linked to ISO 27001 certification?

Yes, ISO 27001 certification can bring competitive advantages, such as greater efficiency, time savings in providing documentation to customers and improved security procedures. In industries where sensitive customer data is handled, it can also be an important marketing tool.

What needs to be done to maintain ISO 27001?

Maintaining ISO 27001 certification includes operating the ISMS tool as prescribed and keeping technical and organisational measures up to date. Where changes in the level of risk make it necessary, a measurable improvement in information security must be demonstrated annually. In addition, there is a commitment to carry out annual internal audits and to undergo annual surveillance or recertification audits.

How does ISO 27001 affect internal processes and procedures?

ISO 27001 encourages a proactive approach to security, which in turn contributes to the development of mature and efficient internal processes. The focus is on continuous improvement and risk management, which increases operational maturity and streamlines workflows.

What challenges might start-ups face with ISO 27001?

Start-ups often struggle to understand the complex requirements of the standard. It can also be challenging to provide sufficient resources and ensure a smooth process when things get complicated.

Is there an ‘easy’ way to achieve ISO certification?

On the one hand, ISO 27001 is not just a ‘ticking the boxes’ exercise. On the other hand, you don't have to start building Fort Knox right away.

However, it is important to understand that neglecting the ISMS after the initial certification will lead to failure in future audits. In this case, ISO 27001 has no benefits for the company.

Thus, through a combination of external expertise, audit coaching and the right automation tools, you can achieve certification much faster than with a traditional approach - and keep it alive in the long term.

How is the ISO maintained after initial certification?

ISO 27001 requires continuous commitment. Regular compliance reviews, consideration of all changes and annual audits are essential for maintaining certification in the long run.

About Public Cloud Group

We're your trusted partner backed by certified expertise. We empower European businesses in developing and growing their cloud strategy.

PCG is a leading tech company with a strong technical vision and cutting-edge solution approach to customer needs. Our proven methodologies and extensive team of certified experts ensure that your cloud journey is efficient, secure, following best practices and tailored to your business goals. We are your trusted partner for all things cloud in Europe, offering a one-stop solution for your cloud needs.