01

preliminary discussion

In a preliminary interview, the situation is clarified and the person(s) to be interviewed are identified. In addition, an appointment is made for the subsequent detailed personal interview and the goal for the vulnerability scan is determined.

02

vulnerability scan

We carry out an automated external test on the target object agreed with you (e.g. website or IP address) in order to identify vulnerabilities.

03

survey and evaluation

We ask you selected questions to assess your security level. Based on the survey results, we will produce a report on IT and information security for small and micro-enterprises in accordance with DIN SPEC 27076 within 5 working days, which you will receive as part of a presentation together with the results of the vulnerability scan. The report also contains recommendations regarding implementation. On this basis, you can approach the implementation of measures with your proven partners.

04

awareness training

In addition, we will provide you with remote awareness training on risks and best practices in information security, tailored to your company size and the group of participants.

4 steps to diagnosing and improving your security

The proven fixed-price process at a glance

I would be happy to work with Mr. Salvador and his team again on the next project. Thank you and all the best!

Andreas Freitag, BMW AG

My TISAX® audit went smoothly and was successful right from the start. We were able to demonstrate our information security in accordance with TISAX® and can now win new automotive customers.

Gaps in our preparation and testing were closed promptly and high-quality documents were delivered by Opexa. I can only recommend the team around Klaus Höllerer, Klaus Kilvinger and Thomas Salvador.

Dr. Samir Kadunic, MAASU GmbH

When reviewing customer requirements in the area of TISAX®, the company urgently needed advice. Thanks to the help of Opexa Advisory GmbH, we were able to meet our customer requirements and also achieve our goals with significant cost savings.

Opexa Advisory is the ideal partner due to its many years of automotive experience, project know-how and competent, efficient and uncomplicated support.

Herbert Schmidt, Dennemeyer & Co. GmbH

What our customers say

Frequently Asked Questions

What specific benefit does the analysis based on DIN SPEC 27076 bring to my company?

The SPEC is tailored to smaller companies and can be used for testing with little effort. Based on the results, you can identify weak points and then ideally gradually optimize existing processes, e.g. in risk management, business continuity management, incident management and general technical and organizational measures as well as in reporting.

In addition, you will identify gaps and inefficiencies in the organization and save costs!

The level of security for your personal data in accordance with the GDPR is also improving.

And you minimize the likelihood of a cyber attack in the future, protecting your company even better!

Do I receive a certificate?

DIN does not provide any testing or certification for the above-mentioned measures or standard.

We recommend that you publish a note about your security measures on your website (or in other publications, flyers and offers) after implementing the measures. Proactively market the fact that your company is implementing information security measures!

What effort and costs are to be expected?

The effort on your part is manageable. Expect a total of 6 hours, which includes everything: the preliminary discussion, the survey, the scan, the presentation of the results and the awareness measures. The turnaround time on our part is around 5 working days.

We offer the above services exclusively for SMEs with up to 50 employees at a flat rate of 980 euros plus VAT (carried out remotely).

What happens next after I have the results in hand?

Our recommendation for all companies is to follow the suggestions and implement them, either internally or with an external partner. This means you have achieved a good minimum standard for a company of your size! If you wish, we can also provide you with further support.

It is advisable to repeat the review at least once a year, as technologies and situations are constantly changing. Additional technical measures can be taken as further steps, depending on requirements, or a professional information security management system (ISMS) based on the internationally recognized ISO/IEC 27001 standard could be planned. The ISO/IEC 27001 certificate is internationally recognized and well known in the market, a signal to your customers and your market that should not be underestimated.

The necessary information security measures are particularly complex for small and micro-enterprises (SMEs) with fewer than 50 employees. The scope in terms of budget, competence and time is limited if demanding standards (e.g. measures in accordance with ISO/IEC 27001) are to be used, awareness measures are required or penetration tests must be carried out. These measures are often not taken for reasons of time and cost, unfortunately with disadvantages in terms of information security!

OPEXA offers a pragmatic solution here. We offer a security package specifically for small and micro-enterprises consisting of a vulnerability scan of the externally accessible infrastructure, awareness training and a security diagnosis based on DIN SPEC 27076:2023-05 to determine the current situation. On the basis of the information obtained, the implementation of a minimum quality standard in the area of information security can be addressed and improved security can be achieved. We offer the security package for small and micro-enterprises at an economical fixed price!

Our partners

Small and micro-enterprises

Simply promote security