0800 / 27 00 001
We are thrilled to serve you
External Chief Information Security Officer (CISO)
Security issues in companies are becoming of increasing importance.
Nowadays, a company has to deal with many security issues. The "Information Security" (IS) part (see chart with yellow marking) is becoming more and more important in companies, especially in the financial sector. This is due, among other things, to the regulations issued by the Federal Office of Finance (BaFin). These include:
- Supervisory Requirements for IT in Financial Institutions (BAIT) of September 2018
- Supervisory Requirements for IT in Insurance Undertakings (VAIT) of March 2019
- Supervisory Requirements for IT in German Asset Managers (KAIT) of October 2019
- Supervisory Requirements for IT at Payment Services Providers (ZAIT) of November 2021
These require, among other things, that a so-called Information Security Officer (ISO) or Chief Information Security Officer (CISO) be appointed to ensure information security in the company. This function carries responsibility for all information security matters within the company and towards third parties. It ensures that the goals and measures defined in the company's IT strategy, information security guidelines and policies with regard to information security are made transparent to internal and external parties. Compliance with the requirements must also be ensured, reviewed and monitored on a regular or ad hoc basis.
Tasks of the external chief information security officer
Under certain conditions, this function may also be outsourced. We can inform you under which conditions you can commission an external CISO and would be happy to take over this role for you. We will perform the following tasks for you:
- Establishment of an information security management system (ISMS)
- Definition of protection goals for the company's critical assets, analysis of their threats and risks, and derivation of security goals from the IS strategy
- Carrying out risk assessments and business impact analyses
- Establishment and operation of an organizational unit to implement the security objectives derived from the information security strategy
- Elaboration and adaptation of security guidelines and requirements
- Auditing of functional units on the status of implementation and further development of security regulations
- Creating awareness of information security among employees through training and campaigns
- Establish recommendations, guidelines, targets and objectives for information security
- Conduct information security training, workshops and awareness campaigns
- Ensuring and verifying compliance with data protection regulations
- Portfolio management of security-related business processes
- Continuous analysis and optimization of information security in the company
- Coordination with stakeholders and management to establish information security
Advantages of an external information security officer
Small and medium-sized companies in particular are now making use of the services of an external information security officer. This has the following advantages:
- Reduced training costs for in-house staff, saving time and money
- Always up-to-date expert knowledge thanks to continuous further training by the external CISO
- Timely information on new and upcoming topics, e.g. Digital Operational Resilience Act (DORA), Cyber Resilience Act (CRA), EU Directive on Network and Information Security (NIS2), etc.
- Targeted and calculable deployment thanks to a defined time budget
- Greater acceptance among employees (especially for upcoming changes) if the suggestions come from an external consultant
- Fast implementation of necessary measures with less effort, thanks to the practical experience and expert knowledge of the external information security officer
If required, we will be happy to take on the role of external chief information security officer (CISO) for you.
If you are interested, we can also support you in the area of data protection. If you come from an industry that requires the appointment of a data protection officer, you can benefit from synergy effects by having us perform both roles. We can offer you these synergy effects in the form of a lucrative overall package.
We would be happy to provide you with information in an initial free and non-binding consultation.