When do I need a professional security concept?
Mandatory for assembly venues from 5,000 persons (VStättVO), critical infrastructure under BSI ordinance, larger construction projects and events with elevated fire load or pyrotechnics. Useful without legal requirement when extending sites, commissioning new production facilities, after security incidents, or before major security technology investments. Sekuris writes concepts for €4,500–€25,000 depending on complexity.
How does a risk analysis work?
Standard four-phase approach: (1) Inventory — site visit, interviews with executives, security and plant management, IST analysis of existing measures. (2) Threat modelling — what incidents are realistic (theft, sabotage, cyber attack, natural events)? Who are the threat actors? (3) Vulnerability assessment — gaps between current state and threat. (4) Measure recommendation with effort/cost estimate. Duration 5–15 working days.
What does security consulting cost?
Daily rates typically €1,200–€1,800 — depending on specialisation (standard conceptualisation vs. critical infrastructure / forensics / crisis management). Compact risk analyses for SMEs €4,500–€8,000. Full security concepts per VStättVO or ISO 27001 typically €12,000–€25,000. For implementation-accompanying mandates rates reduce 10–20% — we treat consulting as start, not end.
Are you independent or do you only sell Sekuris solutions?
Consulting and implementation are separate. Within consulting mandates we recommend the most economical and secure solution — even if that means another provider or in-house execution. Subsequent Sekuris implementation is possible but not a prerequisite for consulting. We document this separation contractually. For conflict situations (e.g. existing tender) we provide a second opinion against a competing proposal on request.
Which standards and norms do you apply?
Main references are DIN VDE V 0827, state assembly venue regulations (security concepts for assembly venues), BSI baseline protection, ISO 27001/27002, BSI critical infrastructure ordinance and VdS guidelines. For industry-specific requirements (pharma GxP, food BRC, automotive TISAX) we integrate the relevant standards. Concepts are audit-proof — we know the auditors and typical pitfalls.
Do you also support ISO 27001 or TISAX audits?
Yes. For ISO 27001 we support ISMS build-up, gap analysis between current state and norm requirements, internal auditing and preparation for the certification audit. TISAX (automotive supply chain) follows the same approach. Recertification mandates (every three years) are possible. Sekuris works closely with certified auditors but does not issue certification itself — that would conflict with the consulting role.
