Build a secure foundation for your cyber resilience

Governance, Risk & Compliance

Proactive risk management and compliance with legal regulations

With the ever-changing cybersecurity landscape, it is critical to have the necessary tools and expertise to help navigate the complexities of governance, compliance and risk management with confidence. It is particularly important to protect sensitive data and adhere to strict guidelines and regulations.

Sound security governance can provide a solid framework for the cyber security strategy. Establishing clear rules, policies and procedures lays the foundation for a robust and secure cyber presence.

Knowing and understanding cyber security requirements is essential for regulatory compliance and effective protection of sensitive data.

A strategic approach to risk management plays a critical role in proactively identifying, assessing and mitigating threats. This proactive approach not only improves security, but also increases resilience to potential threats.


By establishing a robust framework for your cybersecurity strategy, we help you define rules, policies and procedures that lay the foundation for a resilient and secure digital presence.

Risik Management

We are aware that risks are inherent, and empower you to proactively identify, assess and minimize potential threats. Our approach is based on strategic risk management, giving you the confidence to face the digital landscape with resilience.


Navigating the complex network of regulations is simplified with our comprehensive compliance solutions. Stay up to date and ensure that your operations meet or exceed industry standards and legal requirements.

Our Consulting Services for Governance, Risk & Compliance

Your challenges:

Your challenge:

  • You struggle with developing and implementing clear cybersecurity policies and strategies for your organization.
  • Security practices don't integrate seamlessly with governance, impacting the effectiveness of security measures and leading to unclear accountability.
  • There is uncertainty about whether your cybersecurity practices meet applicable compliance requirements and you may be exposed to legal risks and potential penalties.


UNITY solution approach:

  • Establish organization-wide cyber security governance 
  • Establish management systems to control IT security (ISMS, CSMS)
  • Prepare for certifications
  • Establish business continuity management and emergency management
  • Create a risk portfolio from assessed cyber risks

Your challenges:

  • Your IT infrastructure is getting bigger and more complex and you are struggling to manage your information security holistically.
  • You are struggling to meet the comprehensive requirements of various compliance standards, in terms of legal risks and uncertainties regarding compliance.


Cyber Resilience Act

UNITY solution approach:

  • Establish customized management systems (ISMS, CSMS) for comprehensive control and management of your growing IT infrastructure and IT security
  • Provide comprehensive support in meeting various compliance standards (e.g. NIS2, Cyber Resilience Act, ISO27001) through targeted measures, training and the provision of resources for successful audits and certifications.

Your challenges:

  • You feel inadequately prepared for unexpected disruptions caused by natural disasters, technical failures or other crisis situations.
  • You struggle to develop clear business continuity plans and conduct regular testing.
  • You are faced with complex dependencies in your supply chain that increase the risk of disruptions, especially if they have not been sufficiently analyzed and assessed.

UNITY solution approach:

  • Support in the development of customized business continuity plans that take into account the specific needs and risks of your company and provide clear guidance in crisis situations.
  • Implementation of a cyclical business continuity test plan to ensure that the plans are effective under realistic conditions. This includes simulation-based exercises as well as technical testing. 
  • Conduct a comprehensive supply chain analysis to identify dependencies and assess risks. 



[Translate to English:]

Your challenges:

  • You struggle to clearly identify potential cyber risks in your IT infrastructure, which can lead to uncertainty around potential vulnerabilities. 
  • You face the challenge of not systematically assessing and prioritizing risks. This leads to an inefficient allocation of your resources for risk mitigation. 
  • Your company finds itself in an ever-changing and complex landscape of cyber threats without clear strategies to proactively identify and defend against these threats.


UNITY solution approach:

  • Conduct a comprehensive risk analysis to identify all potential cyber risks, including internal vulnerabilities, external threats and compliance risks. 
  • Evaluate and prioritize risks based on their impact on the business and the likelihood of their occurrence in a risk portfolio. Focusing on key risks to efficiently allocate resources to risk mitigation. 
  • Develop and implement proactive security measures that are aligned with the identified risks. This may include employee training, technical security solutions and ongoing monitoring.


[Translate to English:]

Your challenges:

  • You are struggling to understand and implement the specific requirements and processes related to TISAX (Trusted Information Security Assessment Exchange). 
  • Your organization is facing the challenge of conducting effective and systematic preparation for TISAX implementation. 
  • You are faced with limited resources, whether in terms of personnel or expertise, to take the necessary measures to comply with TISAX requirements.


UNITY solution approach:

  • Develop and implement a clear roadmap to prepare for the TISAX rollout. This includes the step-by-step implementation of necessary measures and the definition of milestones. 
  • Specialized consulting and training to deepen your understanding of the TISAX requirements. This enables you to take the necessary steps towards compliance independently. 
  • Support in the efficient use of your resources. We provide customized training for your existing team as well as providing additional expertise to make the TISAX certification process smooth and successful.


[Translate to English:]

The added value for your company

Compliance with legal requirements or industry standards

Efficient, company-wide control of IT security

Action plan to keep risk situations transparent and mitigate risk

Make an appointment with our experts

Depending on the topic, we provide you with the right experts. Select your preferred date from our calendar and discuss your concerns with our experts by phone or via Microsoft Teams without any obligation. We look forward to getting to know you!

Book an appointment

Project stories in Cyber Security

  • Development of the innogy CyberRange-e

    Business Model Development and Operationalization

    An in-house training center, the "CyberRange-e", was set up to provide in-depth education and training for employees in IT and OT areas, where the company's own employees have been trained in a realistic environment since mid-2019. This project was approached in a structured manner together with UNITY: First, the competitive landscape for realistic cyber security training was examined and interviews were conducted with potential target customers in order to then derive the target position of the CyberRange-e ecosystem.

    Find out more

  • Digital target picture and application for funding

    Consulting for the Hospital Future Act

    • Creation of a digital target picture and formulation of digital guiding principles in the dimensions of processes, patients, employees, quality, organization and culture
    • Identification, prioritization and selection of eligible projects in accordance with the target picture
    • Ensuring compliance with the mandatory criteria and legal requirements for IT security measures
    • Selection of potential providers in accordance with user requirements
    • Completion of applications and upload of all content and attachments to the NRW online portal
  • Project management for applications for the Hospital Future Act (KHZG)

    Consulting as part of the Hospital Future Act

    • Implementation of project management 
    • Creation of a digital target image along the process map, taking into account the overall strategy of the hospital group
    • Preparation of applications: Creation of templates for project profiles and project outlines 
    • Support of the application process: Creation of templates for final funding applications (sample applications & quality control of applications

Your contacts for Governance, Risk & Compliance

Michael Happ

Head of Cyber Security

Cologne, Germany
Contact us

Sebastian Befeld

Head of Business Area

Paderborn, Germany
Contact us

Philipp Wibbing

Executive Board Member

Paderborn, Germany
Contact us

Felix Kuban

Team Leader

Cologne, Germany
Contact us