Development and expansion of your information security management system (ISMS)

We provide you with comprehensive support in the implementation of your ISMS and bring it in line with certified standards such as ISO 27001 or IT baseline protection.

According to your needs, capacities and budget

The existing corporate culture plays a major role in the development of your ISMS. We adapt to these and take your initial situation into account.

With technical expertise and good contact with the auditor

Our consultants have an academic degree in information security and maintain good contact with our auditors.

From the initial consultation to certification

We accompany you through the entire process. From the initial meeting to the Stage 2 audit and beyond - for a long-term partnership.

We provide consulting services for companies of different sizes

From small and medium-sized enterprises to corporations, public administration and critical infrastructure organizations – we advise and support our clients of all sizes. Up to date and based on ISO 27001.

Rely on the expertise of our consultants

4 steps to ISO 27001

1. recording the current status
To synchronize the ACTUAL and TARGET status, structural conditions of documents are checked, the current status of documentation is compared with the ISO 27001 standard and observations from on-site inspections are analyzed. 

2. GAP analysis
In order to check whether employees at the various locations are actively implementing the information security guidelines and policies, random interviews are conducted to determine whether and to what extent employees are trained in their own information security management system. In addition, the current status is compared with the target status in a GAP analysis in order to identify the measures required for certification.

3. internal audits
Internal audits in the area of information security are systematic, independent and documented audits that serve to assess whether the information security processes of a company or organization comply with the defined guidelines, standards and legal requirements.

4. certification
We prepare you for the required Stage 1 and Stage 2 certification audits and carry them out with you accordingly.

Silas Borgmeier

Account Manager

Would you like a personal consultation?

I will be happy to assist you with our expertise.

0209 8830 676 – 4

Book an appointment

We are our best customer

As an information security consultancy, the demands placed on its own systems are high. All employees are aware that improvement as part of the PDCA cycle is necessary for an increased level of information security maturity.

We have decided to have our ISMS certified in accordance with ISO 27001 in order to be able to present this claim to the outside world. The scope includes all locations, employees, business processes and assets. The certificate can be downloaded free of charge.

We know what we are talking about, are familiar with the challenges of project planning and maintain close contact with auditors.

AWARE7 ISO 27001 certified
AWARE7 GmbH - ISO 27001 certified - Seal

An excerpt from our consultants

Maik Hagelüken, BSc

Team Lead Information Security Consulting

Maik Hagelüken is an information security consultant. His core tasks include advising on the development and establishment of an information security management system in accordance with ISO 27001 and the ongoing maintenance of such systems. As team leader, he is also responsible for coordination within the team.

Jan Hörnemann, MSc

Authorized signatory, Chief Operating Officer

Jan Hörnemann is an authorized signatory and external information security officer (ISB) at AWARE7 GmbH. With his in-depth expertise in IT security and his many years of experience, he helps companies to develop and implement their security strategies to ensure a high level of protection against cyber threats.


Chris Wojzechowski, MSc

Managing Partner

Since its foundation in 2018, Chris Wojzechowski has been involved in the development and expansion of ISMS and has already led several companies to ISO 27001 certification through his consulting services. With his practical and clear presentation of complex topics, he supports companies in optimizing their security measures.

Our memberships

In the end, not everyone is thought of when everyone only thinks of themselves. For this reason, we participate in various ways in associations, initiatives and clubs.

Callback service

Write to us with your request. We will be happy to call you back at a specific time.

Appointment service

Arrange a digital appointment with us so that we can discuss your requirements.

Contact form

Leave a message via our contact form. We will get back to you.

Find out more about our completed projects

Success stories

Group-wide awareness campaign for Gelsenwasser AG

Together with AWARE7 GmbH, Gelsenwasser AG carried out an extensive, multimedia cyber security awareness campaign for around 1,500 employees.

Remote cybersecurity awareness event for Payback GmbH

PAYBACK GmbH has booked AWARE7 GmbH for a remote live hacking awareness show to prepare and sensitize employees to digital threats.

Emergency deployment in the district of Dachau

At 9:00 am the speaker was canceled, we were called at 10:00 am. At 17:00 we were on time in Dachau to enrich the planned event with a live hacking presentation.

Remote Live Hacking Show at the Security Days at Munich Re

The world’s largest reinsurer has been relying on our expertise for several years. In recent years, we have always been represented at the internal Security Days.

External penetration test for the mobile iOS application of Twinsoft GmbH & Co. KG

We carried out an extensive penetration test of the BioShare Authenticator app and the backend for Twinsoft GmbH & Co.

Take a look at all the success stories
and download them free of charge

We have been carrying out various types of projects. The satisfaction is reflected in the release of a success story. Take a look at all our success stories now.

All success stories

IT security made in Germany

Attacking and testing applications is the means to an end. The medium-term goal is always to increase the level of IT security and thus enable the long-term protection of customer and company data. We have been awarded the “IT Security made in Germany” seal by the TeleTrust Bundesverband IT-Sicherheit e.V. (German IT Security Association). The document declaring and authorizing the use of the seal is available for inspection.

Even though we operate worldwide, our headquarters will remain in Germany

AWARE7 GmbH has been based in Germany since its foundation. The location in Germany is valued by our international customers due to the high quality standards.

Products and services are free of hidden accesses

All of the services we provide are carried out in accordance with ethical principles. The removal of all access points after a test is mandatory and firmly integrated into the process.

Research & development takes place exclusively in Germany

New products and collaboration with students and scientific institutes are part of our corporate DNA. We are always at the cutting edge of research and development and are based exclusively in Germany.

Get in direct contact with our consultants now

FAQ – Frequently asked questions

What are information security management systems (ISMS)?

An information security management system (ISMS) is a structured framework of guidelines and processes that helps companies to identify, assess and manage their information security risks. It includes all measures and controls required to ensure the confidentiality, integrity and availability of information. An ISMS offers a systematic approach to minimize security gaps and ensure compliance with legal and regulatory requirements.

Why is an ISMS important?

An ISMS is crucial for systematically and permanently guaranteeing information security in a company. It helps to identify and mitigate risks, ensures the confidentiality, integrity and availability of information and fulfills legal and regulatory requirements. It also strengthens the trust of customers, partners and stakeholders in the company’s security practices and protects against potential data leaks and security incidents.

What is ISO 27001 certification?

ISO 27001 is the globally recognized standard for information security management. ISO 27001 certification shows that a company has implemented a systematic and well-structured information security management system (ISMS) that complies with international best practices. This certification proves that the company is able to effectively manage security risks and continuously implement improvements in the area of information security.

How do you support companies with ISO 27001 certification?

We offer comprehensive consulting services that cover the entire certification process, including the initial assessment, risk analysis, implementation of security measures, internal audits and preparation for the external audit.

Which companies need an ISMS and ISO 27001 certification?

Any company that works with sensitive data or has high information security requirements can benefit from an ISMS and ISO 27001 certification. It is particularly relevant for companies in the IT, finance, healthcare and telecommunications sectors.

What does the implementation of an ISMS and ISO 27001 certification cost?

The costs depend on the size and complexity of the company and the current status of information security. Please contact us for a customized offer.

What role do employees play in the implementation of an ISMS?

Employees play a decisive role in the implementation of an ISMS. You must be aware of the security guidelines and actively implement them. Training and regular awareness-raising measures are therefore an important part of the process.

Can you also review and improve existing ISMSs?

Yes, we also offer services to review and improve existing ISMS. This includes gap analyses, risk assessments and the implementation of additional security measures.