Compliance & governance.
For mid-sized companies the biggest blocker is often not the technology but compliance. We build governance lean enough to be lived day to day and solid enough to carry the IT strategy. Where the standard stops, we add our own tools.
What we do
- Set up the ITIL core processes (incident, change, problem, request) in an ITSM platform, modelled in BPMN 2.0 with a clear RACI matrix.
- Build an IT governance framework as part of the wider IT strategy: roles, responsibilities, and iterative IT risk management.
- Prepare for ISO 27001, from the gap analysis through building the ISMS to guiding the external certification audit.
- Add our own tools where the standard stops: an e-invoicing portal and a tamper-proof timestamping service that documents oversight and compliance measures.
Stack
Processes: ITSM platform, BPMN 2.0, RACI matrix.
Governance: COBIT and ITIL as inspiration, a maintained IT risk register.
Standards: ISO 27001 (ISMS), GoBD, section 130 OWiG.
Own tools: e-invoicing and a layer-2 blockchain timestamp for audit-proof trails.
Process
It starts with an honest stocktake: a gap analysis, a maintained asset inventory, a first risk map. On that we build a lean framework that fits the company culture, because governance that is too complex ends up in a drawer. Internal audits are the most honest dress rehearsal; weaknesses found there cost less than the same weaknesses in front of the external auditor. Without backing from management, we do not start.
Track record
We have guided several mid-sized companies through ITIL and IT governance, and taken one client all the way through ISO 27001 certification. Practised workflows, prepared documentation, and support from artificial intelligence now bring comparable efforts to the external audit in six to nine months rather than twelve to eighteen. Our regulated side is led by a partner with nearly two decades in IT governance and compliance.