External ISB as a Service

Your Information Security Officer from Honicon

External ISB
as a Service

NIS-2, ISO 27001, cyber risks — and you’re supposed to handle all that on top of the day-to-day? Your ISB from Honicon works transparently and routes the right tasks to the right people – and you keep the overview at all times, without drowning in operational work.

Book initial consultation More on external ISBs
ISO 27001 ISO 27001
BSI IT baseline protection BSI IT baseline protection
NIS-2 qualified NIS-2 qualified
German hosting provider German hosting provider – Hetzner
Your path to information security
Where shall we start?
Which solution fits you depends entirely on where you stand and where your goals lie.
Answer a few quick questions so we can recommend the right starting point for you.
Question 1 of 3
What is the current state of your information security?
Hardly structured – we don’t know where we stand
Basics in place, but no formal documentation
Processes exist, we need someone to run them
Well set up, we want to get certified
Question 2 of 3
← Back
What is your concrete goal?
First understand what we’re missing (status assessment)
Ongoing support without building an in-house ISB
Aim for ISO 27001 certification
Question 3 of 3
← Back
How soon are you planning?
Short-term – we need clarity quickly (1–4 weeks)
Medium-term – ongoing support over months
Long-term – certification planned in 12–24 months
↺ Restart
Your results
Recommendation: Step 1
Recommendation: Step 2
Recommendation: Step 3
Step 1
Clarity
Where do you stand today?
from
4,800 €
One-time fixed price, net
3–5 consultant days
Description
Our gap analysis shows you in 3–5 consultant days how your information security stands — measured against ISO 27001, BSI IT-Grundschutz, or NIS-2.
You receive a maturity assessment, a prioritized list of measures, and a clear roadmap. No subscription, no commitment.
Request Step 1
Show all services
  • Kick-off workshop (remote or on-site)
  • Document review (policies, network plans, existing concepts)
  • Interviews with key stakeholders (IT lead, management, DPO)
  • Assessment against ISO 27001 Annex A / BSI IT-Grundschutz catalogues
  • Maturity assessment with scoring model
  • Prioritized list of measures
  • Management summary with roadmap recommendation
  • Results presentation for management
Outcomes
  • Clarity on the company’s status
  • NIS-2 applicability clarified
  • List of measures developed
Step 2
Protection
Build and live an ISMS.
from
1,380 €
Monthly, net
6 hours per month
Description
We take on the role of your external information security officer (ISB) — and make sure that information security is not only documented in your company, but actually lived day to day.
Whether you’re building an ISMS from scratch or maintaining an existing one: we’re your dedicated point of contact.
Request Step 2
Show all services
  • Formal appointment as your external ISB
  • ISMS build-up or operation (depending on starting point)
  • Risk analyses & protection requirement assessments
  • Drafting and maintaining security concepts & policies
  • Monthly check-in with management
  • Annual employee awareness training
  • NIS-2 & GDPR support
  • Quarterly management report
  • Reachable by email & phone
Outcomes
  • External ISB formally appointed
  • ISMS built or optimized
  • Regular security reports
Step 3
Proof
On the way to certification.
from
2,760 €
Monthly, net
12 hours per month
Description
Everything from “Protection” — plus the systematic preparation for your ISO 27001 or BSI IT-Grundschutz certification. We get your company certification-ready.
The certification itself is performed by an independent, accredited auditor — we accompany the entire process.
Request Step 3
Show all services
  • All services from “Protection”
  • Full ISMS operation incl. internal audits
  • Certification alignment and preparation (ISO 27001 / BSI IT-Grundschutz)
  • Incident management for security incidents
  • Awareness campaigns (at least 1× per quarter)
  • Monthly report with KPIs
  • On-site appointments by arrangement
Outcomes
  • Certification readiness achieved
  • Audit support included
  • KPI-based reporting
How we work together

No once-a-month PDF
Clarity in real time!

Many ISB providers send monthly reports and are hard to reach in between. We work differently: transparently, in a shared workspace, traceable at any time.

plane.your-company.com/isms-project
shield
ISMS Project 2026
29 %
Open
3
ISMS-4
Map risk management in Plane
IT Admin
ISMS-7
Define interface to BCM
BCM
ISMS-6
Document incident management
ISB
In Progress
2
ISMS-8
Approve emergency handbook
Mgmt
ISMS-2
Define risk management process
ISB
Done
2
ISMS-1
Define ISMS scope
Mgmt
ISMS-5
Registration on the BSI portal
ISB
Real-time transparency
You see the state of your information security at any time — which measures are open, what's in progress, where we stand against the plan. Without having to wait for the next meeting, you keep everything in view in real time.
Your data, your infrastructure
Plane runs on your infrastructure or on a dedicated Hetzner server in Germany. Self-hosted, air-gapped on request. Your ISMS data never leaves your control.
More about Plane Managed Hosting →
Collaboration, not reporting
Comment, approve, ask questions — directly in the tool. No email ping-pong, no lost attachments.
And when something really has to move fast: your ISB is just a phone call away.
Your company
Your company
You access,
you decide.
ACCESS
Dedicated server
Dedicated server
Hosted in Germany
by Hetzner. ISO 2700.
MANAGED
HONICON
HONICON
We operate,
we advise.
ISO 27001 ISO 27001
BSI IT-Grundschutz BSI IT-Grundschutz
NIS-2 qualifiziert NIS-2 qualifiziert
Deutscher Hoster Deutscher Hoster – Hetzner
Why Honicon

Information security needs
more than checklists

ISB Zertifikat Icon

Certified ourselves

We don't just consult on ISO 27001 — we've just been through our own certification ourselves. We know every step, every hurdle, every stumbling block. Not from a textbook — from first-hand experience.

IT Background Icon

IT DNA, not legal jargon

We come from IT consulting, not from a legal background. We understand your systems, your infrastructure, your processes. Information security with us isn't a paper tiger — it's lived practice in real-world IT landscapes.

Team Icon

Real people, real availability

Your ISB has a name, a face, and a phone number. No call center, no ticket system, no chatbot. You work with a dedicated contact who knows your company.

.

ISB Start Icon

Ready to go in 14 days

From signed contract to the first check-in, it takes us no more than two weeks. No months-long onboardings, no holding patterns. You have a security issue — we're there.

Freqently Asked Questions

Answered honestly

ISB FAQ Illustration
What if we don't have an ISMS yet at all?
No problem — that's the case for most of our clients. In the "Protection" package, we work out together what's still missing for your ISMS, and can then transition seamlessly into ongoing operation. The gap analysis gives us the starting point and shows what level of effort is realistic.
What does the certification cost in total at the end?
Certification by an accredited auditor costs an additional €10,000–25,000 depending on company size. These costs are charged by the auditor, not by us. Our job is to prepare you so that the audit runs smoothly.
Can we continue without a service contract after the gap analysis?
Of course. The gap analysis is a standalone product. You receive your report and are free to decide how to proceed — with us or on your own.
What happens if we want to switch providers?
Your data belongs to you — on your server, in your Plane. All documents, policies, and analyses we produce are your work products. There is no vendor lock-in.
How does the collaboration work remotely?
Through Plane, you can see the current status at any time. On top of that, there are monthly check-ins (video or on-site) plus ongoing availability by email and phone. On-site appointments are possible at any time.
Do we need a specific Plane package?
We recommend our Plane Business Managed Hosting for the collaboration. You can find details and pricing on our Plane Hosting page. Hosting is arranged separately.
Trusted by regulated industries

Who already works with us

Healthcare
ISMS build-up and Atlassian assessment for a nationwide laboratory service provider with multiple locations.
Energy supply (critical infrastructure)
NIS-2 guidance and ISB support for an operator of critical IT infrastructure in the energy sector.
IT & consulting
ISO 27001 preparation and ISMS operation for mid-sized IT service providers and software companies.
ISO ISO/IEC 27001:2022
BSI BSI IT-Grundschutz
NIS-2 NIS-2 qualified
Expertise Atlassian & Plane expertise

Book your
free ISB initial consultation

Kontakt Flugzeug 260px.png