Station 1
Determine where you stand
The journey starts with clarity, not a tender: in the free 30-minute risk check we clarify which obligations apply to you (NIS-2, on request DORA and the EU AI Act) and where your five most important gaps are. Prefer to self-assess first? Start with the 5-minute maturity check.
What you have afterwards: Indicative classification, top-5 gaps, a recommended path.
Station 2
Measure your posture
The classification becomes a picture: a platform-based assessment measures your security posture against the standard that fits you. ISO 27001, IEC 62443, BSI IT-Grundschutz, NIS-2 or your own catalogues via OSCAL import, across multiple sites, with automatic scoring.
What you have afterwards: A maturity report with a prioritised list of measures.
Station 3
Choose your path
Now comes the most important decision: who carries the security function? There are two honest paths, and both lead to the same platform.
vCISO bundle: for organisations without an in-house CISO
The platform plus a virtual CISO who permanently fills the security function: 2 to 6 days per month, from €3,600/month for the mid-market. Includes risk analysis, NIS-2 gap check and C-level reporting.
Platform licence plus onboarding project: for organisations with a CISO
Your team keeps the lead, we bring method and system: a structured onboarding project, then a module licence that scales with you.
For short-term gaps (vacancy, audit preparation, incidents) the Interim CISO remains available as a standalone emergency line, usually without platform dependency.
What you have afterwards: Ownership assigned and an onboarding plan.
Station 4
Steer day-to-day operations
Daily operations decide: ISMS, BCM, assessment and third-party risk management run on one data layer. And the question executives and auditors ask most often is answered by the platform itself: the vCISO assistant delivers sourced answers to "Where do we stand?" with source and metric, strictly within read permissions.
What you have afterwards: Able to answer to management, audit and clients, at any time.
Station 5
Prove it and move on
When the audit comes, it is no longer a scramble: evidence is produced in daily operations and available in an audit-proof way; on request we accompany the certification. And the journey continues: AI agents that take over recurring ISMS work under supervision are in development.
What you have afterwards: A passed audit without a state of emergency.