Compaas – Compliance as a Service

Consulting & Implementation

Compaas combines deep standards expertise with pragmatic implementation – for mid-market companies that need results, not binders, and want to establish compliance as a robust business process.

Compliance consulting and standards implementation

Whether your first ISO 27001 certification, GDPR evidence for supervisory authorities, preparation for an OEM customer audit, or compliance with new regulation such as CRA and the EU AI Act – Compaas guides companies through the entire consulting cycle. The focus is on measures that work in operations, are accepted by employees, and are documented in an audit-ready manner.

Compaas starts with a structured assessment: where do processes, documentation, and technology stand compared to relevant requirements? From this, a prioritised action plan emerges – not off-the-shelf solutions, but tailored to the size, industry, and maturity of your organisation.

As a certified ISO 27001 auditor, Compaas brings both consulting and audit perspectives. This saves time, avoids unnecessary detours, and significantly increases the likelihood of success in certifications and customer audits.

Topics & standards

Compaas has practical experience across all listed frameworks – from mechanical engineering and IT services to social enterprises. For each topic: clear context, clear priorities, and implementation that fits your organisation.


ISO 27001

The international standard for information security management systems (ISMS). Compaas supports gap analyses, risk assessments, action planning, internal audits, and preparation for certification audits.

  • ISMS design and maintenance
  • Risk analysis per ISO 27005
  • Audit preparation as a certified auditor

Data Protection (GDPR)

The General Data Protection Regulation requires demonstrable technical and organisational measures. Compaas assists with records of processing, data protection impact assessments, contract management, and integration into your business processes.

  • TOM concepts
  • DPIA support
  • Data processing agreements & contracts

Whistleblowing / Whistleblower Protection

Whistleblower protection legislation requires many companies to establish reporting channels. Compaas advises on system selection, process design, and the appointment of a whistleblower protection officer.

  • Reporting system design
  • Process and escalation rules
  • Outsourced mandate

Cyber Resilience Act (CRA)

The CRA introduces new requirements for manufacturers and providers of digital products with network connectivity. Compaas analyses affected product lines and supports implementation of conformity requirements.

  • Scope analysis
  • Documentation obligations
  • Process integration in development

Defence: Classified Information / VS-NfD / ITAR

Companies in defence supply chains face special security requirements. Compaas supports VS-NfD concepts, ITAR compliance, and preparation for official inspections.

  • VS-NfD security concepts
  • ITAR export control
  • Audit support

EU AI Act

The EU AI Act classifies AI systems by risk category and defines corresponding obligations. Compaas helps inventory AI applications and derive necessary governance measures.

  • AI inventory & risk classification
  • Governance frameworks
  • Documentation obligations

CMMC

Cybersecurity Maturity Model Certification is relevant for US defence contractors and their suppliers. Compaas supports determining the required maturity level and step-by-step implementation.

  • Maturity level assessment
  • Gap analysis against CMMC practices
  • Implementation roadmap

ISO 62443

This standard addresses industrial automation and control systems (IACS). Compaas supports manufacturers and operators in securing OT/ICS environments per ISO 62443.

  • Zone and conduit concepts
  • Security level definition
  • OT/IT process integration

Services in detail

From the initial gap analysis through pragmatic implementation to internal audit preparation and certification support – Compaas covers the entire consulting cycle. Each service is designed to deliver concrete progress and relieve internal resources.

Gap analyses

A gap analysis compares your organisation's current state against the requirements of a standard, framework, or legal obligation. Compaas identifies gaps, assesses their risk, and prioritises measures by effort and effectiveness.

Scope of services

  • Structured assessment of processes, documentation, and technology
  • Alignment with standard requirements (e.g. ISO 27001 Annex A)
  • Risk-based prioritisation with action plan
  • Effort estimates and implementation timeline

Benefits for your organisation

  • Clarity on actual remediation needs
  • No unnecessary measures – focus on what matters
  • Sound basis for management decisions

Pragmatic implementation

Compaas implements compliance measures so they work in day-to-day operations – not just on paper. Existing structures are taken into account and solutions are tailored to the size and maturity of your organisation.

Scope of services

  • Creation and revision of policies and processes
  • Introduction of technical measures in coordination with IT
  • Training for responsible staff and key users
  • Support during initial practical application

Benefits for your organisation

  • Faster implementation through experienced guidance
  • Team acceptance through pragmatic solutions
  • Demonstrable compliance without bureaucratic overhead

Internal audits

Before an external auditor or certifier arrives, Compaas reviews your management system internally. Weaknesses are identified early and can be corrected – significantly increasing the likelihood of success in external audits.

Scope of services

  • Audit planning per standard requirements (e.g. ISO 19011)
  • Conducting interviews and sampling
  • Documented findings with recommendations
  • Follow-up on corrective actions

Benefits for your organisation

  • Fewer surprises in external audits
  • Continuous improvement of the management system
  • Preparing the team for audit situations

Awareness training

People remain a central factor in information security. Compaas offers practical training that sensitises employees to typical risks – understandable, relevant, and without fear-based messaging.

Scope of services

  • Tailored content by industry and role
  • On-site training or e-learning via the training platform
  • Phishing awareness as a complement
  • Regular refreshers and new topics (e.g. AI risks)

Benefits for your organisation

  • Measurably fewer security incidents due to human error
  • Fulfilment of training requirements from standards
  • Strengthening security culture in the organisation

Certification & customer audits

Whether ISO 27001 certification, a customer audit by an automotive OEM, or a defence inspection – Compaas guides companies through the entire audit process and acts as an experienced sparring partner.

Scope of services

  • Preparation of audit documentation and evidence
  • Support during on-site or remote audits
  • Communication with auditors and certification bodies
  • Follow-up on findings and corrective actions

Benefits for your organisation

  • Higher success rate for certifications
  • Professional presence with customers and auditors
  • Time savings for internal resources

How Compaas works

  1. Intro call

    A no-obligation introduction: where does your organisation stand? Which standards or customer requirements are relevant? Compaas gains an initial overview.

  2. Analysis

    Gap analysis or needs assessment: Compaas identifies gaps, prioritises measures, and creates a realistic implementation plan with effort estimates.

  3. Implementation

    Joint implementation: policies, processes, technical measures, and training – pragmatic and tailored to your operations.

  4. Ongoing support

    Continuous support, internal audits, certification preparation, or outsourced mandates – Compaas remains your dedicated point of contact.

Frequently asked questions

What company size is Compaas suited for?

Compaas primarily serves mid-market companies – typically from around 20 to several hundred employees. At this scale, regulatory requirements, customer demands, and limited internal capacity often collide without a dedicated compliance team being economically viable. Compaas scales the scope of support to your situation: from targeted advice on specific topics to holistic ISMS implementation. The approach avoids unnecessary overhead – measures are chosen to remain sustainable in day-to-day operations and are not planned beyond what the organisation can realistically support.

How long does ISO 27001 implementation take?

Duration depends heavily on your starting point: do you already have documented processes, a risk assessment, and baseline technical controls, or are you starting from scratch? After a structured gap analysis, Compaas creates a realistic implementation plan with milestones and effort estimates. In practice, the path to audit readiness is often a matter of months – not years, as is common with overloaded concepts. The key is consistent prioritisation: close the gaps that matter for certification, customer audits, or operational risk first. Compaas supports you through all phases – from gap analysis and implementation to certification audit preparation.

Do I need to implement all standards at once?

No – and that is usually not sensible either. Companies face pressure from multiple directions at once: ISO 27001, GDPR, whistleblower protection, CRA, defence requirements, or customer-specific supply chain demands. Compaas orders these requirements by urgency, risk, and dependencies and creates a roadmap with clear priorities. Where standards overlap – such as risk management, documentation, or training – Compaas exploits synergies instead of working in parallel silos. Step-by-step implementation relieves your organisation, keeps costs manageable, and delivers measurable progress faster than trying to tackle everything at once.

What distinguishes Compaas from large consultancies?

With Compaas, you work consistently with one dedicated point of contact – not rotating project teams or junior consultants. The founder combines experience in software development, compliance consulting, and ISO 27001 audit practice in a single person. That means solutions that are technically implementable, organisationally sustainable, and audit-ready in documentation. Instead of standard PowerPoints and generic frameworks, your organisation receives pragmatic measures tailored to your size, industry, and IT landscape. Compaas thinks along with you, prioritises honestly, and focuses where things actually move in operations.

How does an intro call with Compaas work?

The intro call is non-binding and serves as a mutual getting-to-know-you. Compaas gains an overview of your organisation, current situation, and which standards, customer requirements, or internal goals are in play. You receive an initial professional assessment – which topics are urgent, which can wait, and which approaches are realistic. By the end, you know whether and how Compaas can support you, and if needed receive a recommendation for next steps – such as a gap analysis or taking on a mandated officer role. There is no sales pressure; the goal is an honest assessment of whether collaboration makes sense for both sides.

What is a gap analysis and why do we start there?

A gap analysis compares your current state with the requirements of the relevant framework – for example ISO 27001, GDPR, or a customer-specific security catalogue. Compaas systematically reviews processes, documentation, technical measures, and organisational structures and identifies concrete gaps. The result is not a theoretical report but a prioritised action plan with effort estimates and a realistic timeline. This way you invest where the greatest need for action exists instead of approaching all requirements at once. The gap analysis forms the foundation for any further consulting and gives management a transparent basis for decisions.

Does Compaas also support customer audits and tenders?

Yes. Many mid-market companies face pressure because major customers, OEMs, or public sector clients impose their own security requirements – independent of formal certification. Compaas supports preparation for customer audits, completion of questionnaires (e.g. VDA ISA, TISAX-related requirements, or individual supplier assessments), and structured presentation of your compliance measures. For tenders, Compaas helps interpret security requirements professionally and demonstrate what is already implemented and what is still missing. The goal is for you to enter discussions and reviews with confidence – with documented evidence instead of hastily assembled paperwork.

What internal resources does my organisation need during implementation?

Compaas takes on the specialist heavy lifting but does not replace internal involvement. From your organisation we typically need a point of contact from management or a specialist department (IT, quality, HR) who can enable decisions and provide access to relevant information. Time commitment varies by project phase – intensive implementation phases may require more coordination in certain weeks, stable phases less. Compaas plans internal effort realistically from the start and structures workshops, reviews, and approvals to minimise disruption to core business. Transparent communication on progress and open items is a fixed part of the collaboration.

What happens after successful certification?

Certification is not an endpoint but the beginning of ongoing management system operation. On request, Compaas supports ISMS maintenance: internal audits, management reviews, risk assessment updates, and adaptation to new requirements. When your organisation evolves – new sites, systems, products, or regulatory obligations – Compaas accompanies the necessary adjustments. This keeps your management system audit-ready and prevents it from becoming a static document collection. Many customers use Compaas long-term as a dedicated partner for compliance topics – from annual surveillance audit preparation to step-by-step expansion to further standards.