InfoSec Assessments

Get a Good Overview Quickly

Determine the current state of your information security and identify potentials for improvements or as a starting point for InfoSec initiatives.

Know Where You Are
If you don't know where you are, you don't know where to go. Complimate analyzes the status quo of your information security based on established standards and shows potential for further development.
Pump the Brakes - On Your Cyber Insurance Premium
Lowering cyber insurance premiums. Many insurers are raising premiums due to increases in ransomware and other cyber-attacks. Demonstrate the maturity of your information security organization even without certification.
Have a Good Rest
Our assessment shows where action is needed. Identify and fix the shortcomings in your organization so you can sleep soundly at night - and keep ransomware nightmares in the closet.
Prepare for an ISMS
Complimate guides you through assessments in preparation for certifications to standards such as ISO 27001 or TISAX. Identify where action is needed and how much time should be planned until audit and certification.
Risk Analysis
An assessment supports a risk analysis and evaluation to identify organizational information security risks. Meet the mandatory requirements for corporations in many jurisdictions.
Assessment Process

We use established and internationally proven standards as the basis for the assessments. Assessment profiles for different industries, company sizes, and strategic protection goals of the customer are utilized.

The assessments are suitable for further use in strategic and operational planning, including budgeting for information security initiatives or projects such as introducing Information Security Management Systems (ISMS). The reports can be shared with third parties as needed to demonstrate the organization's current state of information security.


Are all information assets known? Are inventories maintained? Is there a risk management process, and what is the attitude of the executive management to information security? Is it taken into account in corporate strategy? Is shared responsibility with Cloud Service Providers managed?



How are assets protected against cyber and non-cyber threats? What preventive measures, concepts, and protection of a technical and organizational nature are implemented?



How are anomalies, deviations from baselines, and attacks in the IT system landscape detected?



How are anomalies, vulnerabilities, and incidents responded to and managed?



In the event of successful attacks against the organization, how will normal operations be restored and damage minimized? Can basic operations be maintained even in emergencies and disasters?

We use the outcomes to defined control questions to determine the status of the individual aspects of information security. The result is a report with risk scores and recommendations for improving information security.

The reports can serve as a basis for planning an ISMS implementation project, for example in accordance with ISO 27001 as results of the individual chapters and questions can be linked to ISO requirements.

For the automotive industry and its business partners, such as suppliers, dealers, or service providers (e.g. advertising agencies), the ISA catalog published by the ENX Association on the TISAX standard serves as the basis for the assessment. The results of the (self-)assessment according to TISAX can be used directly for further project progress, such as establishing an ISMS.

Let's get talking -
Meet us in person!