FAQs - Frequently Asked Questions
What is the LegalTegrity Whistleblower System?
LegalTegrity is the secure, digital whistleblowing system for confidential reporting of legal violations, precisely tailored to the needs and requirements of medium-sized companies.
LegalTegrity allows you to report incidents confidentially or anonymously online or by telephone. LegalTegrity is independent of your company's IT. It is therefore impossible to trace who the whistleblower is. The data is securely stored in Deutsche Telekom's cloud. Only those authorised to access the system have access to the information. No one else – not even LegalTegrity.
Does our company need a whistleblowing system?
Yes, since the Whistleblower Protection Act (HinSchG) came into effect in Germany on 2nd July 2023, companies with 50 or more employees are obliged to set up an internal reporting channel. Companies subject to the Money Laundering Act must also offer a whistleblowing system.
A whistleblowing system allows employees and other whistleblowers to anonymously report unlawful conduct before damage is caused to the company and the public. If transparency and integrity are important to you, LegalTegrity supports you with a simple and data protection compliant solution to identify risks early and strengthen trust within the company.
Can I see a demo of the whistleblower system?
Yes, certainly. To get an initial impression of the software, you can request our demo video. It will introduce you to LegalTegrity in just 5 minutes. To do this, please fill out the form on the following page, and we will send the video to you via email: Request a demo video
For questions and a personal introduction to the software, you are welcome to book a demo appointment directly with our compliance experts. To do so, simply fill in theContact form We will send you a calendar link and you can choose a time.
How can one report legal violations?
LegalTegrity allows for the confidential and anonymous reporting of legal violations. Whistleblowers can log in, for example, via the link on the company website and submit their report using predefined questions or free text. In addition, photos or files can be uploaded. Before submitting the report, whistleblowers can decide whether to provide their contact details or remain anonymous. The platform functions like a locker accessible from two sides. Whistleblowers receive a PIN before submitting a report, which they can use to log back into the locker later. This allows companies to ask follow-up questions. The locker is only accessible to the whistleblower with the PIN, so it should be kept safe.
What must / can / should I report?
Companies can individually decide on which topics information can be provided beyond legal violations. Our experience is that employees have a very good sense of (in)justice. Behaviours that harm a company directly or indirectly, in the short, medium or long term, should definitely be reported.
Whistleblowing ist, wenn jemand illegale oder unethische Aktivitäten innerhalb einer Organisation aufdeckt.
Whistleblowing is the reporting of a malpractice or misconduct within a company with the intention of averting damage to the company. Whistleblowing can be confidential and anonymous. To avoid possible negative consequences for the whistleblower, a method should be used that fully guarantees the whistleblower's security. This is only the case with digital platforms in the cloud in Germany.
How much does LegalTegrity cost?
Our pricing system is very simple:
For companies <50 employees, LegalTegrity costs €588 p.a.
For companies with 50 or more employees, the licence costs €1,188.
From 250 employees €1,990 p.a.
From €2,990 p.a. our licence starts for enterprises with over 1,000 employees.
How long is the contract duration?
The contract is concluded for 12 months. Your contract will automatically extend by a further year each time, unless you cancel it one month before the end of the respective contract year. We want you to be satisfied with us – which is why we offer you a money-back guarantee in the first 3 months.
Is LegalTegrity available in all the languages that my business needs?
LegalTegrity is available in more than 40 languages. If needed, we can always add more languages at short notice.
Do other languages cost extra?
Our Essential and Professional 250 packages include 2 languages. Additional languages can be booked flexibly for €29/month per language. From the Professional 1,000 package onwards, all available languages (+40) are included.
For companies with a high demand for languages, we recommend Professional 1,000 or our Enterprise packages, which include all available languages. This keeps your cost structure predictable, even with complex requirements.
Who should be the system administrator?
Who is appointed as the system administrator depends on the size of the company. In smaller companies, the managing director often takes on this role, while in larger companies, it is usually the head of Legal, HR, or Management. Many clients also entrust the task to a lawyer or tax advisor to ensure neutral processing. This guarantees that tips are processed in a timely manner, even during absences. If desired, ombudsman support is also available through the compliance experts at LegalTegrity.
How many system administrators are sensible?
We also recommend for businesses For fewer than 50 employees, we recommend two system administrators, and ideally an external one, such as a solicitor, ombudsman, or tax advisor. This ensures that incoming cases are processed on time, even when the company's internal system administrator is absent. For larger companies, we also recommend more system administrators. These can be equipped with different access levels.
How many users (system administrators) are included in the price?
The number of included accesses depends on the package selected. The Essential package includes 2 accesses, and the frequently chosen Professional 250 includes 3 accesses. The number is designed to be sufficient for most practical purposes. Additional accesses can be booked at any time if required.
Will my solicitor have access to the system?
Yes, if you book LegalTegrity through your solicitor, they will automatically be listed as the system administrator in the default settings. However, you can change this setting manually and add further system administrators. If you booked LegalTegrity directly from our website, you can optionally provide us with your solicitor's details and we will ensure they are directly integrated into your new whistleblower system.
As a lawyer, do I have access to my client's system?
Yes. By booking LegalTegrity through your law firm, you will automatically be registered as the system administrator in the pre-settings. You will be informed about new incoming cases and can control case processing via the case management system.
How does LegalTegrity's whitelabelling work?
Does LegalTegrity include an integrated case management system?
Yes, for the administration and processing of cases, there is a simple, user-friendly case management system.
How secure is the data with LegalTegrity?
Your data is safe with us! The highest level of data security is a matter of course for us and an essential prerequisite for a successful whistleblower system. LegalTegrity is GDPR compliant and certification by TÜV and DIN ISO 27001 is currently underway. The system is hosted in Deutsche Telekom's cloud. Only authorised company personnel can view and process information relating to cases. Whistleblowers can view the data concerning their report and the company's responses using an individual PIN. Furthermore, no one else has access to the information.
Who can see my notification?
Notes can only be viewed by system-authorised personnel. Who is system-authorised varies from company to company and also depends on the company's size: typically, it is the management, the head of legal, the compliance officer, or a trusted external consultant (lawyer, ombudsman, tax advisor, compliance consultant). We, as the platform operator, do not have access to the information.
How does LegalTegrity ensure the highest IT security?
Your system's security is our top priority. LegalTegrity meets the highest IT security standards and is regularly confirmed through professional penetration tests. Combined with GDPR compliance and secure hosting in Germany, you receive a system you can rely on at all times.
How quickly is LegalTegrity implemented?
LegalTegrity is ready to use immediately after booking. Since many of our clients do not have their own IT department, the process is particularly simple: we provide you with a link to the whistleblower system for your intranet or website, which whistleblowers can use with ease. In addition, you will receive another link, which your system administrators can use to access the case management system.
Do I need to install software for LegalTegrity?
No, you do not need to install any software to use LegalTegrity. It is a simple plug-and-play system accessible from any browser and requires no installation.
What happens next after I give a tip?
The company must send the whistleblower an acknowledgement of receipt within one week at the latest. Our system has an acknowledgement of receipt button with a customisable message template for this purpose. The company must also inform the whistleblower of the measures taken or planned within three months. The whistleblower can log back into the system at any time using their PIN for this. If no feedback is received within three months or no appropriate measures are taken, the whistleblower may go public with their concerns.
Why is LegalTegrity particularly easy to implement?
LegalTegrity is designed as a „ready-to-go“ system and is immediately operational. You benefit from pre-installed, legally compliant question catalogues for the Whistleblower Protection Act, data protection, supply chain due diligence obligations, and the AGG (General Equal Treatment Act). Additionally, a NIS2 catalogue with integrated deadline management can be flexibly booked. This means you don't have to go through the laborious process of setting up your own structures – you can start immediately and implement your whistleblowing system without any IT effort.
Are there training courses on the use and administration of LegalTegrity? Are these included in the price?
Yes, training materials and personal onboarding are included in the price. This allows you to easily get to know all the system's functions and start using them immediately. Additionally, we offer optional training for reporting officers on legal aspects, as well as communication posters and explanatory videos for employees.
Is there training material for employees?
We have created a tutorial for your employees explaining how to use LegalTegrity and answering all important questions.
Are there sample documents for corporate communication?
Yes, of course. Some of our customers book LegalTegrity and „hide“ the link on a „sub-sub-page“ of the intranet. This already fulfils the requirements of the EU Directive. However, we recommend that our customers inform their employees about the introduction of LegalTegrity. This way, they can contribute to increasing transparency and integrity within the company. To help with this, we have compiled various templates for you as a special service, which differ in terms of the group of persons entitled to report, the type of request for reports and the company's relevant rules of conduct. If you are also looking for an individual solution for your company, please do not hesitate to contact us.
What premium services does LegalTegrity offer?
LegalTegrity offers you various premium services: additional languages or users, training, and our employee info poster. If you operate in multiple European countries, we recommend booking multiple country regulations as they differ from country to country.
What added value does the information poster offer to employees?
Your whistleblower system will only reach its full potential when you communicate it correctly. With our info poster for employees, developed by legal designers through scientific field studies, you will receive your neutral template for internal company communication. The info poster costs £299 € and is available in several languages. For more information, please seehere.
Does LegalTegrity offer direct customer service? Is this included in the price?
Yes, because we want satisfied customers. For this reason, we have designed all processes to be user-friendly and simple, and have compiled all questions for you in an FAQ. Sometimes new questions arise. Our customer service will be happy to help you then.
How reliable is the LegalTegrity system in operation?
LegalTegrity offers 99.99 % system availability, ensuring it is reliably accessible at all times. Regular updates ensure that you continually benefit from new features and improvements. At the same time, our fast and knowledgeable customer service team is always on hand to assist you with any questions or concerns.
Is there direct support within the system for questions?
Yes, an integrated help chatbot is available within the system. This chatbot can directly assist you with its usage, answer frequently asked questions in real-time, and help you navigate the system quickly – all without any extra effort or waiting times.
What is LegalTegrity's AI-based legal register?
The AI-based legal register is a digital compliance tool that systematically records, assesses, and translates all relevant laws, regulations, and requirements for your company into concrete obligations. It replaces static Excel lists and PDF legal registers with a dynamic, daily updated process specifically tailored to the requirements of internationally operating medium-sized companies. The system operates on the basis of a globally harmonised legal database with up to 120 jurisdictions, thereby supporting compliance requirements in up to 120 countries.
Does our company need a legal register?
While a legal register is not explicitly required by law, it is effectively the central basis for systematically demonstrating compliance with legal obligations – particularly within the framework of ISO management systems (e.g. ISO 9001, 14001, 45001, 50001) and increasing EU regulation. Without a structured legal register, the risk of overlooking relevant regulations, failing audits, or creating liability risks for management and the executive level increases. An AI-based legal register significantly reduces this effort and transforms compliance from a reactive duty into a controllable management process.
Can I see a demo of the legal register system?
Yes. You can get a Request a demo of the AI-based legal register, in which you can see in a few minutes how the company profile, relevance filter, and automatic derivation of obligations work together. Additionally, we offer individual demo appointments with our compliance experts, during which we will consider your specific company situation (industry, locations, ISO systems, international presence).
How does the AI-based legal cadastre „work“ in principle?
The system monitors a large, internationally oriented legal database on a daily basis and compares every change with your company profile (locations, business sectors, documents, processes). On this basis, the AI decides which regulations apply to your company in which jurisdictions, derives concrete obligations from them, and documents every step in an auditable manner. This creates a dynamic, AI-based legal register that reduces the complexity of international regulations without losing legal relevance.
A legal cadastre – in simple terms?
A legal register is a structured overview of all laws, regulations, official requirements, and standards that are binding for your company. It shows which obligations arise from them, who is responsible internally, and how the status of compliance is documented – allowing you to prove at any time during audits and with authorities that you know and manage your legal obligations.
How much does the AI-based legal register cost?
Prices are typically based on company size, number of locations/jurisdictions, and required scope of functionality (e.g. number of management systems, country coverage, users). For details, please book a demo appointment.
How long is the contract duration?
The contract runs for 12 months and is concluded for a minimum term of 36 months. We offer a paid trial account; the cost of this will be deducted from 100% upon signing the 3-year contract.
How do I create my property register?
Your legal register is ready to use within minutes: you enter your company structure and locations and upload relevant documents, permits, and notices. The AI analyses this data, compares it with the internationally oriented legal database, and automatically captures all relevant requirements – without time-consuming assessments, Excel lists, or days of consultancy.
The legal register is suitable for which management systems?
The solution covers the requirements of all common ISO management systems that demand the systematic identification and assessment of legal obligations. These include, but are not limited to, ISO 9001 (Quality Management), ISO 14001 (Environmental Management), ISO 27001/27701 (Information Security/Data Protection), ISO 45001 (Occupational Health and Safety), and ISO 50001 (Energy Management). With the current ISO revisions, the demands for risk assessment, documentation, and traceability are increasing significantly – precisely where the AI-based legal register offers an audit- and certification-proof solution.
What specific added value does AI automation provide?
The AI automatically translates new or amended legislation into specific, company-specific obligations. It checks applicability for your locations, roles (e.g., manufacturer, importer, operator) and processes, continuously compares uploaded documents with the current legal situation, and flags where compliance evidence already exists. You will receive proactive notifications of changes, can prioritise risks in a targeted manner, and thus move from reactive fulfilment of obligations to strategic compliance management.
Can I trust AI?
Yes. Unlike conventional AI solutions, the system does not use open internet sources and does not „hallucinate“ content. The AI works exclusively on the basis of a globally harmonised, structured legal database, which is maintained for up to 120 jurisdictions. Decisions on applicability and obligations are transparently traceable, are made on a scenario basis and can be manually overridden at any time if required.
Which countries and jurisdictions are covered?
The software supports compliance requirements in up to 120 countries worldwide and can technically process up to 120,000 legal regulations. This makes the AI-based legal register particularly suitable for medium-sized companies with international supply chains, foreign production sites, or export activities. Country-specific requirements can be queried specifically and configured on a location-by-location basis – from national law to EU regulations and industry-specific standards. Yes. Unlike conventional AI solutions, the system does not use open internet sources and does not „hallucinate“ content. The AI works exclusively on the basis of a globally harmonised, structured legal database maintained for up to 120 jurisdictions. Decisions on applicability and obligations are transparently traceable, are made on a scenario-based approach and can be manually overridden at any time if necessary.
Can I use the software in my industry?
Yes. The AI-based legal cadastre is designed for cross-industry applicability and filters exactly the requirements from the large volume of regulations that match your industry, locations, and activities – whether manufacturing, trade, services, or hybrid models. By comparing structured data (e.g. WZ codes, plant types) and unstructured documents (e.g. product descriptions, guidelines), a precise, company-specific duty profile is created.
How much time do I save compared to conventional solutions?
Small and medium-sized enterprises (SMEs) report time savings of between 3–4 hours per week per responsible person because manual legal research, maintenance of complex Excel lists, and monitoring of legislative changes are largely eliminated. Over the course of the year, this adds up to considerable resource savings, which can be invested in value-adding compliance activities and strategic projects instead of tedious work. Yes. The AI-based legal register is designed for cross-industry applicability and filters out precisely the requirements from the vast amount of regulations that are relevant to your economic sector, your locations, and your activities – whether production, trade, services, or mixed models. By comparing structured data (e.g., WZ codes, types of facilities) and unstructured documents (e.g., product descriptions, guidelines), a precise, company-specific duty profile is created.
How is up-to-dateness guaranteed on a permanent basis?
Your AI-based legal register remains automatically up-to-date: The underlying legal database is updated daily, legislative changes are automatically recognised and included in the relevance check for your company profile. The continuous maintenance of the database is contractually guaranteed until at least 2029, providing you with long-term planning security and protection against outdated legal information in audits.
How secure is my data in the AI-based legal register?
All data is stored exclusively on servers in Germany and processed in compliance with GDPR. Your sensitive company information will not be used for AI training purposes and will not be shared with third parties; the system is aligned with relevant security standards (e.g., ISO 27001 concept), thereby meeting the information security and data protection requirements of internationally operating medium-sized companies.
Who can see the contents of my legal register?
Only users authorised by your company with the appropriate roles and rights will have access. Typically, this includes management, compliance officers, department heads, or external advisors (e.g. law firms) to whom you consciously grant access rights. The platform operator does not have access to your content-related compliance data.
How does the system ensure maximum IT security?
The AI-based legal register is operated in a highly secure cloud environment in Germany and undergoes regular security and penetration testing. Combined with GDPR compliance, role and rights management, and encrypted data transmission, this provides you with a solution that meets the requirements of modern IT and compliance audits.
How quickly is the AI-based legal register implemented?
The system is ready for use immediately after booking. Many customers do not have their own IT department, which is why the process has been deliberately streamlined: you gain access to the platform, set up your company profile and locations, upload documents – the rest is handled automatically by the AI.
Do I need to install software?
No. The AI-based legal cadastre is a browser-based cloud solution and requires no local installation. Updates, new functions and extensions are automatically available without your internal IT needing to be involved.
How do I proceed specifically after the system is set up?
After your company data has been captured, the system initiates an initial regulatory check, which examines all relevant legal provisions in the selected jurisdictions. You will then see a structured legal register with classifications „applicable/not applicable“, clear justifications, and derived obligations that you can assign to responsible individuals and set deadlines for.
AI-based legal registers are particularly easy to implement because this system is user-friendly and can be used without any prior training.
Because it's not set up like a classic project with months of workshops, Excel templates and consultant rounds, but as an ongoing, automated process. Pre-installed structures for management systems and legal areas, automated updates and integrated task management save you the effort of building your own error-prone structures.
Will I be guided through setup and usage?
Yes. During implementation and ongoing use, you will be supported by an expert team – from initial system configuration and training for responsible individuals to optimising AI-driven compliance processes. The goal is for you to exploit the full potential of the AI-based legal register for your individual compliance requirements.
Are there training courses for using and administrating the system?
Training materials and personal onboarding are available and can be included in the package. Additionally, in-depth training on legal foundations, internal processes, and optimal use of the AI-based legal register can be booked – particularly for roles such as Compliance Officers, Quality Management Representatives, and Environmental, Health & Safety, or Data Protection Officers.
Are there template documents for corporate communications (e.g. for audits and internal policies)?
Yes. Many companies use text modules and templates to transparently communicate the introduction of the AI-based legal register to management, employees, and auditors. These include, among others, templates for describing the legal register processes in the management system, notes for audit documentation, and guidelines for role and responsibility allocation.
Does your company offer direct customer service, and is this included in the price?
Yes. Direct customer support is available for questions regarding usage, configuration, or evaluation. A portion of the support (e.g. onboarding, basic support) is typically included in the package price; further services (e.g. international rollouts, complex integrations or additional training) can be booked as needed.
How reliable is the AI-based land register in ongoing operation?
The solution is designed for very high system availability and is continuously developed to optimise performance and functionality. Regular updates ensure that new regulatory requirements, further jurisdictions and additional functions are integrated into the platform without disrupting ongoing operations.
Is there direct support within the system for questions?
Yes. Within the platform, help texts and tutorials are available, which answer frequently asked questions about operation in real time. This allows users to work independently and quickly in the AI-based legal cadastre without long training periods.
What is the Digital Compliance Office (DCO)?
The Digital Compliance Office (DCO) is a secure, digital platform for building and managing your Information Security Management System (ISMS) according to ISO 27001, NIS2, GDPR, and TISAX, tailored precisely to the needs and requirements of medium-sized companies.
The DCO enables you to build your ISMS in a structured and efficient way – with automated policies, risk management and audit preparation. The DCO is available independently as a cloud-based solution and is hosted in Germany. The data is securely located in the Microsoft Germany cloud. Only those authorised to access the system have access to the information.
Does our company need an ISMS?
An ISMS is a structured system that companies use to protect the confidentiality, integrity, and availability of information. It includes policies, processes, responsibilities, and technical measures.
Companies need an ISMS particularly when they need to demonstrate ISO 27001 certification, have high data protection requirements (e.g. finance, healthcare, automotive industries), or must provide TISAX certifications as suppliers to large companies. An ISMS enables companies to meet compliance requirements, minimise risks, and demonstrably adhere to security standards. If information security and the reduction of liability risks are important to you, the DCO will support you with a simple and automated solution.
Can I see a demo of the ISMS system?
Yes, by all means. To get an initial impression of the software, you can Book a no-obligation demo. For questions and a personal demonstration of the software, you can arrange a demo appointment directly with our information security experts.
How does the setup of an ISMS with the DCO work?
The DCO platform structures the setup in several steps and automates policies through intelligent questionnaires. The Navigator feature offers a self-guided customer journey for building your ISMS. Tasks are directly linked to the relevant ISO controls, significantly accelerating the certification process.
You can build up your ISMS step by step: Assets (software, hardware, know-how, processes) are catalogued and classified according to their security needs. This results in risk management with treatment plans and risk assessment. Incidents are systematically documented and processed. For NIS2-relevant incidents, a reporting workflow is triggered, which reports to the BSI within 24 hours.
What must / can / should I manage with the ISMS?
The ISMS enables you to manage all security-relevant areas of your company. This includes risk management (identification, assessment, and treatment planning for security risks), audit management (support for internal audits and certification preparation), supplier compliance (vendor risk management), and audit-proof documentation.
The platform offers policy management, asset and risk management, incident management, task and project management, and employee training features. You can individually determine which frameworks (ISO 27001, NIS2, TISAX, GDPR) you wish to implement.
Which standards are supported by the ISMS?
The DCO supports the implementation and management of ISO 27001, TISAX, NIS2, DORA, and SOC2. Furthermore, controls for IT Baseline Protection and C5 are available. For data protection, GDPR and nDSG (Switzerland) are supported, and controls for BDSG and TTSG are also available.
ISO 27001 is the internationally recognised standard for information security. Among other things, it requires an asset register, risk management, policies, training, internal audits, and continuous improvement processes. Several frameworks can be implemented simultaneously, as these are automatically linked to each other in the background, thus avoiding additional effort.
How much does the DCO cost?
The DCO is available as a flexible annual subscription that can be individually tailored to the size of your company and its compliance requirements. The solution is modularly expandable for additional compliance frameworks.
Prices depend on the size of the company and its compliance requirements. There is an annual price indexation of 2.9% to account for the level of innovation and increasing requirements. Personalised advice is available for bespoke ISMS set-ups.
How long is the contract duration?
The DCO is offered as an annual subscription with flexible upgrade options. Details regarding automatic renewal and cancellation periods are governed by the individual contract documents.
Is the DCO available in all the languages I need for my business?
The platform and content are available in German and English. Further language options can be requested for international requirements.
Who should be a system administrator or information security officer?
In small companies, managing directors and IT managers often take on this role. Larger organisations have dedicated information security officers (ISOs). The responsibility is clearly defined through governance regulations.
The DCO is particularly aimed at IT and compliance teams for centralised control of security processes, as well as managing directors and CISOs who want to reduce liability risks. Many companies also entrust this task to external consultants to ensure neutral processing.
How many users are included in the price?
The DCO offers role-Based Access Control (RBAC), so that different user groups can be provided with differentiated rights. The specific number of user accesses included depends on the chosen license model and can be expanded if necessary.
Will my external consultant have access to the system?
Yes, the DCO supports the integration of external consultants. With role-Based Access Control allows you to specifically set up access rights for external partners such as lawyers, tax advisors, or compliance consultants. Our TÜV or ISACA certified consultants can assist you in setting up the ISMS.
Is task and project management integrated into the DCO?
Yes, the DCO offers integrated task and project management. This provides an overview of open tasks in information security. Tasks are directly linked to the relevant ISO controls.
What API integrations does the DCO offer?
The DCO offers over 60 API integrations, including for Microsoft 365, Atlassian and ServiceNow. It has a REST API for integration with third parties. Furthermore, support for SIEM systems for security monitoring is provided. For Identity Access Management, SAML 2.0 and OpenID Connect supports, with integration to Microsoft Azure AD, Okta, and Google Workspace.
How secure is the data in the DCO?
The highest security for your data is a matter of course for us and an indispensable prerequisite for a successful ISMS. The DCO is GDPR-compliant and is hosted in the cloud by Microsoft Germany.
The cloud environment is highly available and ISO 27001-certified. AES-256 encryption is used for data at rest and TLS 1.2 encryption is used for data in transit. Daily automatic backups and disaster recovery mechanisms are in place. The platform achieves an annual average availability of 99.%.
Who can access my ISMS data?
ISMS data can only be viewed by authorised system users. The DCO is a multi-tenant system that provides logical and physical data separation. There is an authorisation concept with differentiated rights assignment and definition of user groups.
Access control is handled via Role-Based Access Control (RBAC), Two-Factor Authentication (2FA), and Single Sign-On (SSO) through common identity providers. Only minimal administrator access accounts are established, and access permissions are regularly reviewed.
How does the DCO ensure the highest level of IT security?
The security of your system is our top priority. The DCO is developed in Germany and hosted on Microsoft Azure, with 99% uptime. Regular penetration tests (pentests) are carried out.
Implemented security measures include: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), real-time monitoring and logging of all security-critical events, audit trails for compliance evidence. There are firewalls, antivirus software, automatic screen locking, endpoint encryption, and password policies. Incident response management is implemented from a process perspective.
How quickly is the DCO implemented?
Small businesses require approximately 50 hours for implementation. Large businesses with over 200 employees require around 500 hours. The fastest complete implementation, including certification, was 12 weeks.
The DCO significantly reduces internal workload and speeds up certification processes – up to 55% faster and 67% cheaper compared to traditional consultancy projects. Automation saves hundreds of hours of manual work, as guidelines, supporting evidence, tasks and version histories are automatically generated, linked and updated – without the need for Excel or Word documents.
Do I have to install the DCO software?
No, you do not need to install any software to use the DCO. It is a web-based application accessible via any browser. The system is cloud-based as softwareAsmit Software-as-a-Service (SaaS) bereitgestellt.
What happens next after I start implementing an ISMS?
The Navigator feature guides you self-directed through the customer journey for building your ISMS in 15 structured steps. Tasks are automatically generated and linked to the relevant ISO controls. You can view the status of your open tasks in the project management area at any time.
The audit feature helps you identify security vulnerabilities. The platform supports you with internal audits and tracking measures for certification preparation. Executive reports give you an overview of progress.
Why is the DCO particularly easy to implement?
The DCO is designed as a „ready-to-go“ system and is immediately operational. The platform structures the setup in 15 steps and automates guidelines through intelligent questionnaires. You benefit from pre-installed, legally compliant structures for ISO 27001, NIS2, TISAX, GDPR, and other standards.
Automated checks and documentation, a policy generator, and automated risk simulations drastically reduce manual effort. This eliminates the need for you to build your own structures, allowing you to get started immediately.
Are there training sessions on the use and administration of the DCO? Are these included in the price?
Yes, the DCO offers Customer Success Support to guide you through the setup process. The software also empowers non-experts to implement their compliance projects independently. In this scenario, a Customer Success Manager will oversee your process.
Furthermore, a training feature is included: InfoSec mandatory training for all employees directly on the platform. For NIS2, online training is offered for responsible managers. Dedicated expert support with a personal contact person and managed services can also be booked as an option.
Is there training material for employees?
Yes, the DCO offers an integrated training feature with InfoSecMandatory training for all employees directly on the platform. The content is available in German and English. For NIS2 requirements, special online training will be offered for responsible managers.
What business models or support levels are available?
There are three business models:
- Self-service via the platform – with Customer Success Manager support for non-experts
- Expert-Guided with a personal consultant – dedicated expert support
- Managed Service – our expert team implements for you
Additionally, An internal audit is bookable as an additional service, carried out independently by a separate team. Expert support for the first year provides professional guidance, instruction, and oversight in the establishment, implementation, and management of your ISMS by information security experts – unlimited within the framework provided by the platform.
What premium services are offered?
There are various premium services:
- Additional compliance frameworks (NIS2, TISAX, ISO 27001) with policies, controls, and tasks
- Annual internal information security audit by certified experts
- Expert support for the first year – unlimited technical guidance
- Smart Audit – software-supported inventory to identify data protection risks with prioritised recommendations for action
- Vendor Risk Management for automated supplier assessments and compliance audits
Is there direct customer service? Is this included in the price?
Yes, there is technical support via a ticketing system. The Comfort package includes access to certified information security experts, limited to 1 hour of service per month (hours do not roll over to subsequent months).
Furthermore, Customer Success Support is available. The consultants are TÜV- or ISACA-certified. There is 24/7 monitoring and incident response with a response time of 2 hours for critical security incidents.
How reliable is the DCO system in ongoing operation?
The DCO offers an average annual system availability of 99%. Monitoring and incident response are provided 24/7. Scheduled maintenance windows take place outside business hours.
Regular security updates and feature enhancements are carried out. The platform has a data backup concept with daily automatic backups, a recovery concept, and implemented disaster recovery mechanisms. A RAID system, UPS, fire alarm system, and backup strategy with disk mirroring are in place.
Are there any additional newsletters or information services?
Yes, there is a quarterly compliance newsletter. In addition, there is an information security seal for your website. Executive reports will keep you informed about the status of your ISMS.