Information security consulting
We, Syngenity®, are specialists in consulting around the implementation of an information management system according to the current TISAX® standard, including prototype protection and data protection, as well as the new version of the international ISO 27001 standard.
Do you want to improve information security in your company? Then you have come to the right place. We support you from document creation through implementation to audit. We are distinguished not only by our services, but also by our fixed prices! Rely on our many years of expertise and let us work together to take your company’s information security to a new level. Contact us today so we can assist you.
Consulting on TISAX®
TISAX® stands for Trusted Information Security Assessment Exchange and describes a testing and exchange procedure for information security in the automotive industry.
Suppliers in the automotive industry are required to implement and introduce TISAX®. Through our expertise and consulting, we support you in the introduction of an information management system based on the TISAX® standard of the VDA. Thanks to our specialist expertise, including as lecturers for the TÜV-SÜD Academy, we are ideally qualified to assist you in this process. Put your trust in our consulting services and rely on our extensive experience in the field of information security in the automotive industry.
Do you need support?
Consulting on ISO 27001
ISO 27001 is an international standard that defines requirements for information security management systems (ISMS) in companies and provides a clear framework for the planning, implementation, monitoring and improvement (P-D-C-A cycle) of information security. Organizations with information security needs can implement and adopt an ISMS using the ISO 27001 standard. Through our consulting services, we support you in the implementation of an ISMS based on the ISO 27001 standard and accompany you until successful certification.
Advice on ENX VCS
Cybersecurity is no longer an optional extra – it is mandatory. Type approvals for new vehicles are only possible if they comply with UN ECE R155. The introduction of a cybersecurity management system (CSMS), which systematically defines the requirements for cybersecurity in automotive development, has now also become mandatory in the manufacturer’s supply chain. Anyone developing relevant E/E vehicle components today must be able to demonstrate an effective CSMS.
The ENX VCS assessment standard developed by ENX is designed to ensure precisely this. With the establishment of the TISAX standard in the automotive industry since 2017, ENX has already shown what a lean and efficient assessment mechanism for information security in the industry must look like. Now the aspect of vehicle cybersecurity (VCS) is being added to this.
We support you in introducing or optimizing the relevant VCS-compliant processes in your company – in a practical, efficient and targeted manner. Whether you are just starting out or have already taken your first steps: We pick you up where you are.
ENX VCS affects not only IT or development departments, but all areas along the product life cycle – from the concept phase and development through to maintenance and monitoring. Our experts will show you how to integrate the requirements of ENX VCS into your processes, assess risks and derive suitable protective measures.
A particular focus is on documentation and traceability – central elements of ENX VCS. We support you in the creation of security concepts, the creation and adaptation of your TARAs (Threat Analysis and Risk Assessments) and their management. Our service portfolio also includes optimal preparation for your assessment to acquire an ENX VCS label.
With our ENX VCS consulting, you not only create legal certainty, but also trust among customers and partners. You position yourself as a future-proof player in an industry in which cybersecurity has become a quality feature.
Advice on ISO 21434
Cybersecurity is no longer an optional extra – it is mandatory. Type approvals for new vehicles are only possible if they comply with UN ECE R155. ISO standard 21434 has created a binding framework for the manufacturer’s supply chain that systematically defines the requirements for cybersecurity in automotive development. Anyone developing relevant E/E vehicle components today must understand, apply and be able to demonstrate compliance with ISO 21434.
Our consulting services help you to do just that. We support you in introducing and optimizing the relevant ISO 21434-compliant processes in your company – in a practical, efficient and targeted manner. Whether you are just starting out or have already taken your first steps: We pick you up where you are.
ISO 21434 affects not only IT or development departments, but all areas along the product life cycle – from the concept phase to development, maintenance and monitoring. Our experts will show you how to integrate the requirements of ISO 21434 into your processes, assess risks and derive suitable protective measures.
A particular focus is on documentation and traceability – central elements of ISO 21434. We support you in the creation of security concepts, the creation and adaptation of your TARAs (Threat Analysis and Risk Assessments) and their management. Optimum preparation for your certification audit is also part of our service portfolio.
With our ISO 21434 consulting, you not only create legal certainty, but also trust among customers and partners. You position yourself as a future-proof player in an industry in which cybersecurity has become a quality feature.
Consulting on NIS2 Directive
The NIS2 Directive is EU-wide cybersecurity legislation that updates the existing 2016 cybersecurity regulations and came into force in 2023. It was developed to meet changing threats and increasing digitalization. The Directive expands the scope of cybersecurity regulation to new sectors and entities to improve the resilience and responsiveness of public and private entities, national authorities, and the EU as a whole. Companies classified as operators of essential services in the above sectors must take appropriate security measures and report serious incidents to national authorities. Major digital service providers such as search engines, cloud computing services, and online marketplaces must comply with the Directive’s security and notification requirements.
Consulting on SOC2
Service and Organisation Controls 2 (SOC2) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SOC2 sets out requirements for providers of cloud computing services or other external services to ensure that they have implemented appropriate security controls.
SOC 2 is designed to give businesses and organisations confidence in service providers by enabling them to assess the effectiveness of the security controls and the safeguards (Trust Service Criteria or TSC) implemented in the areas of security, availability, processing of data, confidentiality and privacy.
SOC2 reports are prepared by independent auditors and passed on to the service provider’s customers. These reports include assessments of the service provider’s security controls and security posture, as well as recommendations for improving security and privacy.
Consulting on C5
The Cloud Computing Compliance Criteria Catalogue (C5) is a catalogue of criteria recognised in Germany for assessing the security of cloud services. It was developed by the Federal Office for Information Security (BSI).
The C5 catalogue enables organisations to evaluate cloud services using a standardised framework. It provides guidance for assessing the security and trustworthiness of cloud services and ensuring compliance with German data protection regulations, and it covers the following main categories: Compliance, Security Management, Data Centre Operations, Data Security and Personnel, Organisation and Operational Processes.
Services of the external information security officer (ISB)
Consulting
Our competent information security experts accompany you in complying with security standards: As external information security officers, we ensure the implementation of information security requirements and the necessary documentation.
Risk Management
We identify and assess information security risks through regular audits and early remediation of vulnerabilities.
Sensitization
We strengthen your employees’ awareness of the secure handling of information through targeted training.
Communication
As an external ISB, we clarify information security issues and support communication with stakeholders.
Kick Off
Introductory round in which we define the goals and analyze the current status so that the consultation can be tailored to your existing knowledge.
Documents
We present our prefabricated documents, which serve as a guide and support you in implementing the ISMS and which you then adapt to your company.
Review
The documents you have customized will be reviewed according to the valid requirements.
Implementation
We support you in implementing the requirements, such as measuring KPIs, conducting management reviews and raising employee awareness.
Internal audit
In the internal audit, we check your ISMS according to the requirements in order to identify potential weaknesses at an early stage and to eliminate them through suitable measures.
PROCESS STEPS
Information security consulting
Rely on our expertise and years of experience to meet the highest standards of information security. We are at your side to set up your company in the best possible way and to ensure that all requirements are met. Our expertise helps you minimize potential security risks and protect your sensitive data in the best possible way.