External Information Security Officer (ISB)

We form an independent staff unit for you and advise you in all areas relating to IT and information security in your company.

Cost-efficient and sustainable

We provide you with a professionally and objectively suitable person at your side. Your single point of contact for all information security issues.

Adaptable, flexible and present

Do you already have a management system in place and work according to modern principles? We focus entirely on you.

Reduce your personnel costs

Our experts will always provide you with competent advice. Reduce the risk of staff attrition and expensive certifications.

We provide external ISB for companies of different sizes through

From small and medium-sized enterprises to corporations, public administration and critical infrastructure organizations – we advise and support our clients of all sizes. Up to date and based on ISO 27001.

Rely on the expertise of our consultants

Procedure for the provision of an external ISB

1. needs assessment & offer preparation
During the needs assessment, we clarify what goals you are pursuing with the appointment and how we can provide you with the best possible support. It is also clarified whether there are, for example there are time restrictions or framework conditions. The information collected will be made available to you in an individual offer, which corresponds to the effort to be expected in the individual case.

2. exchange of information
After the offer has been accepted, relevant information, in particular the contact persons, is transmitted. You can also send us all relevant documents in this step.

3. planning and implementation
In consultation with you, we plan an initial kick-off in which both sides get to know each other, after which the operational work on the project begins.

4th Reporting
We will provide you with a report at least once a year on the work carried out and the corresponding progress in accordance with the objectives defined in the requirements and in the kick-off.

Silas Borgmeier

Silas Borgmeier

Account Manager


Would you like a personal consultation?

We are at your disposal with our expertise.

0209 8830 676 – 4

Book an appointment or send an e-mail

We are our best customer

As an information security consultancy, the demands placed on its own systems are high. All employees are aware that improvement as part of the PDCA cycle is necessary for an increased level of information security maturity.

We have decided to have our ISMS certified in accordance with ISO 27001 in order to be able to present this claim to the outside world. The scope includes all locations, employees, business processes and assets. The certificate can be downloaded free of charge.

We know what we are talking about, are familiar with the challenges of project planning and maintain close contact with auditors.

AWARE7 ISO 27001 certified
AWARE7 GmbH - ISO 27001 certified - Seal

An excerpt from our external information security officers

Maik Hagelüken, BSc

Team Lead Information Security Consulting

Maik Hagelüken is an information security consultant. His core tasks include advising on the development and establishment of an information security management system in accordance with ISO 27001 and the ongoing maintenance of such systems. As team leader, he is also responsible for coordination within the team.


Jan Hörnemann, MSc

Authorized signatory, Chief Operating Officer

Jan Hörnemann is an authorized signatory and external information security officer (ISB) at AWARE7 GmbH. With his in-depth expertise in IT security and his many years of experience, he helps companies to develop and implement their security strategies to ensure a high level of protection against cyber threats.


Chris Wojzechowski, MSc

Managing Partner

Since its foundation in 2018, Chris Wojzechowski has been involved in the development and expansion of ISMS and has already led several companies to ISO 27001 certification through his consulting services. With his practical and clear presentation of complex topics, he supports companies in optimizing their security measures.

Callback service

Write to us with your request. We will be happy to call you back at a specific time.

Appointment service

Arrange a digital appointment with us so that we can discuss your requirements.

Contact form

Leave a message via our contact form. We will get back to you.

Our memberships

In the end, not everyone is thought of when everyone only thinks of themselves. For this reason, we participate in various ways in associations, initiatives and clubs.

Find out more about our completed projects

Success stories

Group-wide awareness campaign for Gelsenwasser AG

Together with AWARE7 GmbH, Gelsenwasser AG carried out an extensive, multimedia cyber security awareness campaign for around 1,500 employees.

Remote cybersecurity awareness event for Payback GmbH

PAYBACK GmbH has booked AWARE7 GmbH for a remote live hacking awareness show to prepare and sensitize employees to digital threats.

Emergency deployment in the district of Dachau

At 9:00 am the speaker was canceled, we were called at 10:00 am. At 17:00 we were on time in Dachau to enrich the planned event with a live hacking presentation.

Remote Live Hacking Show at the Security Days at Munich Re

The world’s largest reinsurer has been relying on our expertise for several years. In recent years, we have always been represented at the internal Security Days.

External penetration test for the mobile iOS application of Twinsoft GmbH & Co. KG

We carried out an extensive penetration test of the BioShare Authenticator app and the backend for Twinsoft GmbH & Co.

Take a look at all the success stories
and download them free of charge

We have been carrying out various types of projects. The satisfaction is reflected in the release of a success story. Take a look at all our success stories now.

All success stories

IT security made in Germany

Attacking and testing applications is the means to an end. The medium-term goal is always to increase the level of IT security and thus enable the long-term protection of customer and company data. We have been awarded the “IT Security made in Germany” seal by the TeleTrust Bundesverband IT-Sicherheit e.V. (German IT Security Association). The document declaring and authorizing the use of the seal is available for inspection.

Even though we operate worldwide, our headquarters will remain in Germany

AWARE7 GmbH has been based in Germany since its foundation. The location in Germany is valued by our international customers due to the high quality standards.

Products and services are free of hidden accesses

All of the services we provide are carried out in accordance with ethical principles. The removal of all access points after a test is mandatory and firmly integrated into the process.

Research & development takes place exclusively in Germany

New products and collaboration with students and scientific institutes are part of our corporate DNA. We are always at the cutting edge of research and development and are based exclusively in Germany.

Get in direct contact with our consultants now

FAQ – Frequently asked questions

What is an external information security officer?

An external information security officer (ISO) is an expert provided by an external service provider to help an organization manage and improve its information security. He assumes the role of the internal information security officer without being a permanent employee. He is usually responsible for operating the information security management system and supporting the PDCA cycle.

Why should a company hire an external information security officer?

An external ISB brings specialized expertise and experience that many companies do not have internally. This can be particularly advantageous for small and medium-sized companies that cannot afford or do not want to hire a full-time employee for this position. In addition, an external ISB offers an independent perspective and can be deployed flexibly as required. Measures relating to determining and increasing the level of information security can be implemented more quickly and in a more targeted manner with a designated person with the appropriate technical and specialist knowledge.

What tasks does an external information security officer perform?

An external ISB takes on a variety of tasks, including developing and implementing information security strategies, conducting risk analyses and security assessments, creating and monitoring security policies and procedures, training and sensitizing employees in the area of information security, supporting compliance with legal and regulatory requirements as well as preparing and accompanying audits and certifications, such as ISO 27001.

How does cooperation with an external information security officer work?

The collaboration usually begins with an assessment of the current information security situation in the company. A customized plan is developed based on this analysis. The external ISB works closely with the internal team, carries out regular audits and is available to answer any questions and challenges relating to information security.

How long does an external information security officer stay with the company?

The duration of the cooperation can vary and depends on the specific needs of the company. It can be project-related, for a specific period or for an indefinite period with regular reviews and adjustments.

What does it cost to appoint an external information security officer?

The costs vary depending on the scope and duration of the service and the specific requirements of the company. Please contact us for a customized offer.

How is the confidentiality and security of company data guaranteed?

The confidentiality and security of your data is our top priority. We sign confidentiality agreements and implement strict data protection measures to ensure that all information is treated securely and confidentially.

Can an external information security officer also provide support for existing ISMS structures?

Yes, an external ISB can review existing ISMS structures, identify potential for improvement and support the further development and optimization of the system.

How can I appoint an external information security officer for my company?

You can request our services via our contact form on the website or contact us directly by phone or e-mail. We will be happy to advise you and create a customized offer for your company.