ISMS according to ISO 27001:2022 — from gap analysis to certification
Information Security Management Strategy
An ISMS is not a paper exercise — it is the operational backbone of your information security. Whether building from scratch according to ISO 27001:2022, transitioning from the 2013 version, or optimizing an existing system: ADVISORI brings experience from over 50 ISMS projects. We combine standards-compliant structures with practical processes — so your ISMS not only passes the audit, but works in day-to-day operations.
- ✓
- ✓
- ✓
- ✓
Your strategic success starts here
Our clients trust our expertise in digital transformation, compliance, and risk management
30 Minutes • Non-binding • Immediately available
For optimal preparation of your strategy session:
- Your strategic goals and objectives
- Desired business outcomes and ROI
- Steps already taken
Or contact us directly:
Certifications, Partners and more...
Why an ISMS is the Core of Every Security Strategy
ADVISORI in Numbers
11+
Years of Experience
120+
Employees
520+
Projects
Every organization is different — your ISMS must reflect that. We work iteratively, pragmatically, and always with certification in mind.
Our Approach:
Our Services
We offer you tailored solutions for your digital transformation
ISMS Implementation according to ISO 27001:2022
Complete ISMS implementation from risk methodology through policies and processes to technical controls. Including Statement of Applicability, asset management, and documentation framework — certification-ready in 6–12 months.
ISMS Optimization & Transition
Migrating your existing ISMS to ISO 27001:2022: mapping the new 93 controls, integrating the 11 new requirements (Threat Intelligence, Cloud Security, ICT Readiness for Business Continuity), and closing audit findings.
Certification Support
From pre-audit readiness review through Stage 1 document review to on-site Stage 2 accompaniment. We know the typical pitfalls and prepare you specifically — including follow-up on minor/major non-conformities.
TISAX Assessment Preparation
For automotive suppliers: preparation for the TISAX assessment according to VDA ISA. We identify the gaps between your existing ISMS and TISAX-specific requirements (prototype protection, data protection, integration with OEM processes).
ISMS Integration into Management Systems
Seamless integration of your ISMS into existing ISO 9001 or ISO 14001 systems. Harmonization of documentation, audit cycles, and management reviews — for an integrated management system without duplication of effort.
BSI IT-Grundschutz Implementation
Alternative or complement to ISO 27001: building an ISMS based on the BSI IT-Grundschutz Compendium. Particularly relevant for KRITIS operators and public institutions that require the BSI standard as evidence of compliance.
Looking for a complete overview of all our services?
View Complete Service OverviewOur Areas of Expertise in Information Security
Discover our specialized areas of information security
Frequently Asked Questions about Information Security Management Strategy
What is the difference between ISO 27001 and BSI IT-Grundschutz?
ISO 27001 is an international standard with a risk-based approach — you define which controls are relevant. BSI IT-Grundschutz is more detailed and prescribes specific measures (building blocks). ISO 27001 is globally recognized and suitable for international organizations. BSI IT-Grundschutz is particularly prevalent in Germany, especially among KRITIS operators and public authorities. Both can be combined: an ISO 27001 certification based on IT-Grundschutz combines the advantages of both approaches.
How long does an ISO 27001 certification take?
The typical timeframe is 6–
12 months from project start to a successful Stage
2 audit. The duration depends on the current maturity level, the scope, and the available internal resources. Organizations with an existing management system (e.g., ISO 9001) can often achieve certification faster, as structures such as internal audit and management review are already established.
What does ISMS implementation and certification cost?
The pure certification costs (auditor fees) range from EUR 10,000–30,
000 depending on company size and scope. The larger investment block is preparation: internal resources, consulting, tool implementation, and training. A realistic total budget for a mid-sized company is EUR 50,000–150,000. ADVISORI helps deploy this budget efficiently and avoid overengineering.
Is ISO 27001 mandatory under NIS2?
NIS 2 does not mandate a specific framework, but requires systematic risk management, incident management, supply chain security, and governance structures — all core elements of an ISMS based on ISO 27001. In practice, an ISO 27001 certification is the most efficient way to demonstrate NIS 2 compliance. In addition, management bears personal responsibility for cybersecurity — another reason for a structured ISMS.
What changes with ISO 27001:2022 compared to 2013?
The key changes concern Annex A: instead of
114 controls in
14 groups, there are now
93 controls in
4 categories (organizational, people, physical, technological).
11 new controls have been introduced, including Threat Intelligence, Cloud Security, ICT Readiness for Business Continuity, and Data Masking. The transition deadline was
31 October
2025 — certifications based on the
2013 version are no longer valid.
What is TISAX and do we need it?
TISAX (Trusted Information Security Assessment Exchange) is the information security standard of the automotive industry, based on the VDA ISA questionnaire. If you are a supplier or service provider for OEMs such as VW, BMW, or Mercedes, a TISAX assessment is generally a prerequisite for collaboration. TISAX and ISO 27001 have significant overlaps — an existing ISMS considerably facilitates TISAX readiness.
Success Stories
Discover how we support companies in their digital transformation
Generative KI in der Fertigung
Bosch
KI-Prozessoptimierung für bessere Produktionseffizienz
Fallstudie
Ergebnisse
Reduzierung der Implementierungszeit von AI-Anwendungen auf wenige Wochen
Verbesserung der Produktqualität durch frühzeitige Fehlererkennung
Steigerung der Effizienz in der Fertigung durch reduzierte Downtime
AI Automatisierung in der Produktion
Festo
Intelligente Vernetzung für zukunftsfähige Produktionssysteme
Fallstudie
Ergebnisse
Verbesserung der Produktionsgeschwindigkeit und Flexibilität
Reduzierung der Herstellungskosten durch effizientere Ressourcennutzung
Erhöhung der Kundenzufriedenheit durch personalisierte Produkte
KI-gestützte Fertigungsoptimierung
Siemens
Smarte Fertigungslösungen für maximale Wertschöpfung
Fallstudie
Ergebnisse
Erhebliche Steigerung der Produktionsleistung
Reduzierung von Downtime und Produktionskosten
Verbesserung der Nachhaltigkeit durch effizientere Ressourcennutzung
Digitalisierung im Stahlhandel
Klöckner & Co
Digitalisierung im Stahlhandel
Fallstudie
Ergebnisse
Über 2 Milliarden Euro Umsatz jährlich über digitale Kanäle
Ziel, bis 2022 60% des Umsatzes online zu erzielen
Verbesserung der Kundenzufriedenheit durch automatisierte Prozesse
Let's
Work Together!
Is your organization ready for the next step into the digital future? Contact us for a personal consultation.
Your strategic success starts here
Our clients trust our expertise in digital transformation, compliance, and risk management
Ready for the next step?
Schedule a strategic consultation with our experts now
30 Minutes • Non-binding • Immediately available
For optimal preparation of your strategy session:
Your strategic goals and challenges
Desired business outcomes and ROI expectations
Current compliance and risk situation
Stakeholders and decision-makers in the project
Prefer direct contact?
Direct hotline for decision-makers
Strategic inquiries via email
Detailed Project Inquiry
For complex inquiries or if you want to provide specific information in advance
