Information Security Without Compromise
Information security is no longer a nice-to-have — it's essential. Yet many companies lack the resources or time to manage it internally.
That's exactly where we come in. As your external information security officer (ISB), we take on responsibility — whether for a growing mid-sized company without its own security department, for organizations subject to NIS2 or KRITIS requirements, or for anyone who wants this topic handled professionally and reliably.
Our Services

Strategic Security Leadership
- Development and maintenance of a company-wide information security strategy
- Alignment of IT security with business objectives and risk appetite
- Reporting to management / board (security reporting)
- Budget planning and prioritization for security measures

Governance, Risk & Compliance (GRC)
- Establishment and operation of an Information Security Management System (ISMS), typically based on or aligned with ISO 27001
- Risk analysis and treatment in accordance with the applicable framework
- Regulatory compliance (e.g. NIS2, GDPR/BDSG, industry-specific requirements)
- Supplier and third-party risk management

Operational Security Management
- Management and oversight of external security service providers (MSSP, SOC)
- Incident response management — escalation responsibility, not operational execution
- Vulnerability management: prioritization and tracking, not technical execution
- Security awareness: program definition and oversight

Communication & Interfaces
- Point of contact for authorities, auditors, and clients (e.g. during audits, due diligence)
- Coordination with the Data Protection Officer (DPO) and legal department
- Support for tenders / RFPs with security-relevant components

Advantages of an External Information Security Officer
ISB = Information Security Officer

| External ISB | Internal ISB |
| --- | --- |
| Ready to deploy immediately | Recruitment or upskilling required |
| Flexibly scalable to your needs | Fixed capacity, barely scalable |
| Transparent, predictable costs | Higher total costs due to personnel expenditure |
| Certified expertise | Extensive ongoing training required |
| Neutrality and objectivity toward management | Dependency on management due to employment relationship |
| Broad cross-industry experience | No or only limited experience |

Why MKM LEGAL?
MKM LEGAL combines technical understanding with legal expertise. Our certified information security officers bring relevant experience from a wide range of industries. For you, this means no theoretical concepts — just solutions that have proven themselves in practice.

Interdisciplinary Collaboration
For legal questions, we work closely with the attorneys at MKM + PARTNER, and for data protection matters with MKM Datenschutz — so you can access comprehensive advice from a single source whenever you need it.
We believe security has to work in everyday practice. That's why we develop processes that are both pragmatic and legally sound — processes that you and your team can actually implement. Where it makes sense, MKM Compliance supplements these with legal tech tools that meaningfully reduce the ongoing workload for your organization.
