SEKurity GmbH

COMPLIANCE · REGULATION

Regulation demands technical evidence, not just policies.

Auditors do not accept good intentions. We translate NIS-2, DORA, KRITIS, TISAX and the upcoming Cyber Resilience Act into testable controls – and deliver the evidence that holds up under review, traceable and reproducible.

01 · STARTING POINT

Policy documents alone do not survive an audit.

Many organisations invest significantly in frameworks, manuals and management systems – and still face audits without technical evidence. Even GDPR Art. 32 explicitly demands regular testing, assessment and evaluation of the effectiveness of technical measures – a clause that is rarely backed by actual test reports. Auditors expect verifiable proof: executed tests, reproducible results, documented remediation. That is where we come in.

02 · OUR APPROACH

From requirement to testable control.

We work along the regulatory text: which obligation applies to your organisation, which control covers it, how is it technically verified, and how is the result documented? The outcome is a coherent evidence trail from the legal text to the test report.

REGULATORY FRAMEWORKS

NIS-2

Risk management, incident reporting and management accountability for essential and important entities.

DORA

Digital operational resilience for the financial sector – including Threat-Led Penetration Testing.

KRITIS / BSI-Gesetz §8a

Operators of critical infrastructure must demonstrate the state of the art every two years. We deliver the technical foundation for the §8a evidence.

TISAX

Information security in the automotive supply chain – including prototype protection. We cover the technical assessments TISAX auditors expect.

Cyber Resilience Act

From December 2027, manufacturers of products with digital elements must handle vulnerabilities and demonstrate security testing. We help you build the test evidence early.

ISO 27001 / BSI IT-Grundschutz

Established ISMS frameworks as a foundation – we add the technical verification that certifiers want to see.

03 · DELIVERY

What you hold in your hand during an audit.

  1. Mapping of regulatory obligations to concrete technical controls
  2. Executed tests with reproducible proof and timestamps
  3. Remediation catalogue with prioritised findings and retest results
  4. Management summary in the language of the auditor

NEXT STEP

Compliance that holds up in audit.

Tell us about your regulatory landscape – we tell you which technical evidence is missing and how we deliver it.