IT risk consulting
We analyse your existing IT infrastructure, concepts and processes, and we evaluate your level of security. In doing so, we pay particular attention to legal requirements (e.g. the BDSG [Federal Data Protection Act], the HGB [German Commercial Code], the AO [German Tax Code], and the GDPdU [Basic Principles for Data Access and the Verifiability of Digital Documents]), as well as issues relating to data availability (e.g. backup strategy, long-term archiving, authorisation concepts and data destruction), and best practice in the respective areas and sectors involved. Ranging from the audit to real penetration tests, we provide all the tools for a "root and branch" review of your concepts and systems, and for making them transparent, so that you can make better decisions.
Media and data conversion
Media conversion is required, for example, when it is necessary to switch to a different media technology, or if due to their age or for other reasons the stored media (e.g. CDs or tapes) are no longer suitable for storing data. In its simplest form this involves transferring just the physical data from one physical medium to a new medium, possibly of a different kind. The data structures remain the same, however.
Data conversion is far more complex. It involves converting types of data into other formats in order to be able to read and process them with, for example, more up-to-date programs. Data conversion involves changing the data structures.
Following a loss of data due to physical defects, viruses, sabotage, user errors or even (natural) disasters such as floods or fires, data recovery has to be undertaken in a professional laboratory if it is to have good prospects of success. It is especially important to commission a trustworthy company to carry out this work, one which will not only take care of your data in a professional manner but will also properly observe the requirements of the Data Protection Act. I have such partners in my network.
Professional data destruction, which is actually a requirement of the Data Protection Act, involves the irreversible destruction of data and data media. Even a defective data medium which can no longer be accessed by using software must be irreversibly destroyed in a legally compliant manner. Various technologies are available for doing this. Depending on the sensitivity of the data, an appropriately secure method (security levels according to DIN 32757-1) must be used for destroying data media.
Securing data availability / disaster recovery concepts
When organising the maximum availability of systems and infrastructure, consideration must not only be given to safeguarding the systems, data and processes, but also to safeguarding the site, e.g. in the event of a natural disaster.
A disaster recovery concept is used to carry out the structured reinstatement of the entire vital infrastructure in an emergency.
IT strategy development
A long-term IT strategy involves assessing the future market and technological trends, and preparing the company for these developments. The scalability and extensibility of the systems are extremely important in this regard nowadays, particularly in the light of the rapidly increasing use of cloud technologies.
Backup and data archiving
All data and emails which may be characterised as "business correspondence" or which could be of relevance for tax purposes must be retained in their original form for 10 years in accordance with data protection requirements.
In this area a distinction is made between
- the simple securing of data (backup), which is intended to guarantee the reinstatement of data in an emergency so as to be able to continue business operations, and
- audit-compliant data archiving including email archiving. In the case of audit-compliant archiving, the archive data must be permanently unalterable. The legislation stipulates this in order to ensure that the data will not be able to be tampered with over long archiving periods of up to 10 years, even with the use of future technologies.
There are a large number of manufacturers in the market using various technical solutions. In the case of such a long retention period there is a particular need to observe the rules contained in the Data Protection Act since unauthorised access to personal data must be securely prevented at all times throughout the entire retention period. This also means that the data controller is under an obligation to react to manufacturer-related changes in good time (e.g. the discontinuation of products or buy-outs of companies) in order to ensure the security and availability of the data in accordance with the legal requirements.
Information security includes not just the security of the IT systems and the data stored in them, but also the security of information which is not processed by electronic means. Further information regarding information security can be found here.
For further information
feel free to call us on:
+49 7159 49647-67