ISMS that is auditable AND suitable for everyday use.

ISO 27001 without the Excel graveyard, without 200 policies that nobody reads. We build a lean, living information security management system: risk-based and with audit-tested templates.

30+ ready-made templates · Auditor tested · ISO 27001 / TISAX compatible

At a glance

  • 12 months up to the audit certificate
  • 30+ ready-to-use templates
  • 0 rejected audits in our history
  • Slim: < 30 policies, instead of 200

Why classic ISMS projects fail.

How Pently does it differently

Living ISMS – not file folder compliance.

Slim instead of complete.

We focus on what has impact and auditability. Our standard set has under 30 policies and can be used in 12 months.

30+ ready-made templates.

Risk analysis, SoA, supplier assessment, emergency plan: refined through real audits. You don't start from a blank page.

Risk-based, not checklist-driven.

We start with your real business risks. Actions follow the risk, not the order of the standard.

Operation Bridge.

Our ISMS consultants are the same people who work in the Pently SOC. Policies remain suitable for daily use because we operate them ourselves.

At a glance

  • Scope definition and Statement of Applicability (SoA)
  • Risk analysis and risk treatment plan
  • Lean policy set (< 30 documents) based on tried and tested templates
  • Asset inventory and supplier management
  • Internal audit as a dress rehearsal for certification
  • Training for those responsible and Executive Management
  • Support during the certification audit – we have a seat at the table
  • Follow-up ISMS operation optionally as a managed service

100,000+ mitigated cyber incidents

  • SecuriTy Made in Germany
  • Microsoft Solutions Partner Security
  • Microsoft Solutions Partner Infrastructure Azure
  • Microsoft Solutions Partner Infrastructure Data & AI
  • Kununu Top Company 2025
  • Alliance for Cyber Security

How we work.

  1. Scoping

    What belongs in and what stays out? Clearly defined in a week.

  2. Risk assessment

    Identify, assess and treat business risks: pragmatically in 2 weeks.

  3. Implementation

    Implement measures, adapt templates, training in just 6 months.

  4. Audit support

    Internal audit, correction, certification audit: we are at the table with you.

Frequently asked questions.

ISO 27001 or TISAX – which is right for us?

TISAX if you are in the automotive supply chain. ISO 27001 for everything else – and it can usually be connected to TISAX. We check this during scoping.

Is this realistic for SMEs?

Yes, absolutely feasible with around 50 employees. Our streamlined set was designed to do just that – without large-corporation overhead.

Do we need a software tool?

Optional. We usually start with templates in Confluence/SharePoint. Introducing a tool becomes worthwhile from the follow-up audit onward, if the maintenance effort increases.

Can you recommend an auditor to us?

We work with several accredited certifiers and refer you to one appropriate to your industry and level of maturity. You choose freely.

Free maturity check in just 60 minutes

We do a free 60-minute maturity check and tell you honestly how far you are and which path is suitable for the audit.
