FAQs - Frequently Asked Questions

LegalTegrity is the secure, digital whistleblowing system for confidential reporting of legal violations, precisely tailored to the needs and requirements of medium-sized companies.

LegalTegrity allows you to report incidents confidentially or anonymously online or by telephone. LegalTegrity is independent of your company's IT. It is therefore impossible to trace who the whistleblower is. The data is securely stored in Deutsche Telekom's cloud. Only those authorised to access the system have access to the information. No one else – not even LegalTegrity.

Yes, since the Whistleblower Protection Act (HinSchG) came into effect in Germany on 2nd July 2023, companies with 50 or more employees are obliged to set up an internal reporting channel. Companies subject to the Money Laundering Act must also offer a whistleblowing system.

A whistleblowing system allows employees and other whistleblowers to anonymously report unlawful conduct before damage is caused to the company and the public. If transparency and integrity are important to you, LegalTegrity supports you with a simple and data protection compliant solution to identify risks early and strengthen trust within the company.

Yes, certainly. To get an initial impression of the software, you can request our demo video. It will introduce you to LegalTegrity in just 5 minutes. To do this, please fill out the form on the following page, and we will send the video to you via email: Request a demo video 

For questions and a personal introduction to the software, you are welcome to book a demo appointment directly with our compliance experts. To do so, simply fill in theContact formWe will send you a calendar link and you can choose a time. 

LegalTegrity allows for the confidential and anonymous reporting of legal violations. Whistleblowers can log in, for example, via the link on the company website and submit their report using predefined questions or free text. In addition, photos or files can be uploaded. Before submitting the report, whistleblowers can decide whether to provide their contact details or remain anonymous. The platform functions like a locker accessible from two sides. Whistleblowers receive a PIN before submitting a report, which they can use to log back into the locker later. This allows companies to ask follow-up questions. The locker is only accessible to the whistleblower with the PIN, so it should be kept safe.

Companies can individually decide on which topics information can be provided beyond legal violations. Our experience is that employees have a very good sense of (in)justice. Behaviours that harm a company directly or indirectly, in the short, medium or long term, should definitely be reported.

Whistleblowing is the reporting of a malpractice or misconduct within a company with the intention of averting damage to the company. Whistleblowing can be confidential and anonymous. To avoid possible negative consequences for the whistleblower, a method should be used that fully guarantees the whistleblower's security. This is only the case with digital platforms in the cloud in Germany.

Our pricing system is very simple:

For companies <50 employees, LegalTegrity costs €588 p.a.

For companies with 50 or more employees, the licence costs €1,188.

From 250 employees €1,990 p.a.

From €2,990 p.a. our licence starts for enterprises with over 1,000 employees.

The contract is concluded for 12 months. Your contract will automatically extend by a further year each time, unless you cancel it one month before the end of the respective contract year. We want you to be satisfied with us – which is why we offer you a money-back guarantee in the first 3 months.

LegalTegrity is available in more than 40 languages. If needed, we can always add more languages at short notice.

Our Essential and Professional 250 packages include 2 languages. Additional languages can be booked flexibly for €29/month per language. From the Professional 1,000 package onwards, all available languages (+40) are included.

For companies with a high demand for languages, we recommend Professional 1,000 or our Enterprise packages, which include all available languages. This keeps your cost structure predictable, even with complex requirements.

Who is appointed as the system administrator depends on the size of the company. In smaller companies, the managing director often takes on this role, while in larger companies, it is usually the head of Legal, HR, or Management. Many clients also entrust the task to a lawyer or tax advisor to ensure neutral processing. This guarantees that tips are processed in a timely manner, even during absences. If desired, ombudsman support is also available through the compliance experts at LegalTegrity.

We also recommend for businesses For fewer than 50 employees, we recommend two system administrators, and ideally an external one, such as a solicitor, ombudsman, or tax advisor. This ensures that incoming cases are processed on time, even when the company's internal system administrator is absent. For larger companies, we also recommend more system administrators. These can be equipped with different access levels. 

The number of included accesses depends on the package selected. The Essential package includes 2 accesses, and the frequently chosen Professional 250 includes 3 accesses. The number is designed to be sufficient for most practical purposes. Additional accesses can be booked at any time if required.

Yes, if you book LegalTegrity through your solicitor, they will automatically be listed as the system administrator in the default settings. However, you can change this setting manually and add further system administrators. If you booked LegalTegrity directly from our website, you can optionally provide us with your solicitor's details and we will ensure they are directly integrated into your new whistleblower system.

Yes. By booking LegalTegrity through your law firm, you will automatically be registered as the system administrator in the pre-settings. You will be informed about new incoming cases and can control case processing via the case management system.

We are delighted with your interest. LegalTegrity offers a whitelabel solution for sales partners (https://legaltegrity.com/partner/). We would be happy to show you the design options.

Yes, for the administration and processing of cases, there is a simple, user-friendly case management system. 

Your data is safe with us! The highest level of data security is a matter of course for us and an essential prerequisite for a successful whistleblower system. LegalTegrity is GDPR compliant and certification by TÜV and DIN ISO 27001 is currently underway. The system is hosted in Deutsche Telekom's cloud. Only authorised company personnel can view and process information relating to cases. Whistleblowers can view the data concerning their report and the company's responses using an individual PIN. Furthermore, no one else has access to the information.

Notes can only be viewed by system-authorised personnel. Who is system-authorised varies from company to company and also depends on the company's size: typically, it is the management, the head of legal, the compliance officer, or a trusted external consultant (lawyer, ombudsman, tax advisor, compliance consultant). We, as the platform operator, do not have access to the information.

Your system's security is our top priority. LegalTegrity meets the highest IT security standards and is regularly confirmed through professional penetration tests. Combined with GDPR compliance and secure hosting in Germany, you receive a system you can rely on at all times.

LegalTegrity is ready to use immediately after booking. Since many of our clients do not have their own IT department, the process is particularly simple: we provide you with a link to the whistleblower system for your intranet or website, which whistleblowers can use with ease. In addition, you will receive another link, which your system administrators can use to access the case management system.

No, you do not need to install any software to use LegalTegrity. It is a simple plug-and-play system accessible from any browser and requires no installation.

The company must send the whistleblower an acknowledgement of receipt within one week at the latest. Our system has an acknowledgement of receipt button with a customisable message template for this purpose. The company must also inform the whistleblower of the measures taken or planned within three months. The whistleblower can log back into the system at any time using their PIN for this. If no feedback is received within three months or no appropriate measures are taken, the whistleblower may go public with their concerns.

LegalTegrity is designed as a „ready-to-go“ system and is immediately operational. You benefit from pre-installed, legally compliant question catalogues for the Whistleblower Protection Act, data protection, supply chain due diligence obligations, and the AGG (General Equal Treatment Act). Additionally, a NIS2 catalogue with integrated deadline management can be flexibly booked. This means you don't have to go through the laborious process of setting up your own structures – you can start immediately and implement your whistleblowing system without any IT effort.

Yes, training materials and personal onboarding are included in the price. This allows you to easily get to know all the system's functions and start using them immediately. Additionally, we offer optional training for reporting officers on legal aspects, as well as communication posters and explanatory videos for employees.

We have created a tutorial for your employees explaining how to use LegalTegrity and answering all important questions. 

Yes, of course. Some of our customers book LegalTegrity and „hide“ the link on a „sub-sub-page“ of the intranet. This already fulfils the requirements of the EU Directive. However, we recommend that our customers inform their employees about the introduction of LegalTegrity. This way, they can contribute to increasing transparency and integrity within the company. To help with this, we have compiled various templates for you as a special service, which differ in terms of the group of persons entitled to report, the type of request for reports and the company's relevant rules of conduct. If you are also looking for an individual solution for your company, please do not hesitate to contact us.

LegalTegrity offers you various premium services: additional languages or users, training, and our employee info poster. If you operate in multiple European countries, we recommend booking multiple country regulations as they differ from country to country.

Your whistleblower system will only reach its full potential when you communicate it correctly. With our info poster for employees, developed by legal designers through scientific field studies, you will receive your neutral template for internal company communication. The info poster costs £299 € and is available in several languages. For more information, please seehere. 

Yes, because we want satisfied customers. For this reason, we have designed all processes to be user-friendly and simple, and have compiled all questions for you in an FAQ. Sometimes new questions arise. Our customer service will be happy to help you then.

LegalTegrity offers 99.99 % system availability, ensuring it is reliably accessible at all times. Regular updates ensure that you continually benefit from new features and improvements. At the same time, our fast and knowledgeable customer service team is always on hand to assist you with any questions or concerns.

Yes, an integrated help chatbot is available within the system. This chatbot can directly assist you with its usage, answer frequently asked questions in real-time, and help you navigate the system quickly – all without any extra effort or waiting times.

The AI-based legal register is a digital compliance tool that systematically records, assesses, and translates all relevant laws, regulations, and requirements for your company into concrete obligations. It replaces static Excel lists and PDF legal registers with a dynamic, daily updated process specifically tailored to the requirements of internationally operating medium-sized companies. The system operates on the basis of a globally harmonised legal database with up to 120 jurisdictions, thereby supporting compliance requirements in up to 120 countries.

While a legal register is not explicitly required by law, it is effectively the central basis for systematically demonstrating compliance with legal obligations – particularly within the framework of ISO management systems (e.g. ISO 9001, 14001, 45001, 50001) and increasing EU regulation. Without a structured legal register, the risk of overlooking relevant regulations, failing audits, or creating liability risks for management and the executive level increases. An AI-based legal register significantly reduces this effort and transforms compliance from a reactive duty into a controllable management process.

Yes. You can get a Request a demo of the AI-based legal register, in which you can see in a few minutes how the company profile, relevance filter, and automatic derivation of obligations work together. Additionally, we offer individual demo appointments with our compliance experts, during which we will consider your specific company situation (industry, locations, ISO systems, international presence).

The system monitors a large, internationally oriented legal database on a daily basis and compares every change with your company profile (locations, business sectors, documents, processes). On this basis, the AI decides which regulations apply to your company in which jurisdictions, derives concrete obligations from them, and documents every step in an auditable manner. This creates a dynamic, AI-based legal register that reduces the complexity of international regulations without losing legal relevance.

A legal register is a structured overview of all laws, regulations, official requirements, and standards that are binding for your company. It shows which obligations arise from them, who is responsible internally, and how the status of compliance is documented – allowing you to prove at any time during audits and with authorities that you know and manage your legal obligations.

Prices are typically based on company size, number of locations/jurisdictions, and required scope of functionality (e.g. number of management systems, country coverage, users). For details, please book a demo appointment.

The contract runs for 12 months and is concluded for a minimum term of 36 months. We offer a paid trial account; the cost of this will be deducted from 100% upon signing the 3-year contract.

Your legal register is ready to use within minutes: you enter your company structure and locations and upload relevant documents, permits, and notices. The AI analyses this data, compares it with the internationally oriented legal database, and automatically captures all relevant requirements – without time-consuming assessments, Excel lists, or days of consultancy.

The solution covers the requirements of all common ISO management systems that demand the systematic identification and assessment of legal obligations. These include, but are not limited to, ISO 9001 (Quality Management), ISO 14001 (Environmental Management), ISO 27001/27701 (Information Security/Data Protection), ISO 45001 (Occupational Health and Safety), and ISO 50001 (Energy Management). With the current ISO revisions, the demands for risk assessment, documentation, and traceability are increasing significantly – precisely where the AI-based legal register offers an audit- and certification-proof solution.

The AI automatically translates new or amended legislation into specific, company-specific obligations. It checks applicability for your locations, roles (e.g., manufacturer, importer, operator) and processes, continuously compares uploaded documents with the current legal situation, and flags where compliance evidence already exists. You will receive proactive notifications of changes, can prioritise risks in a targeted manner, and thus move from reactive fulfilment of obligations to strategic compliance management.

Yes. Unlike conventional AI solutions, the system does not use open internet sources and does not „hallucinate“ content. The AI works exclusively on the basis of a globally harmonised, structured legal database, which is maintained for up to 120 jurisdictions. Decisions on applicability and obligations are transparently traceable, are made on a scenario basis and can be manually overridden at any time if required.

The software supports compliance requirements in up to 120 countries worldwide and can technically process up to 120,000 legal regulations. This makes the AI-based legal register particularly suitable for medium-sized companies with international supply chains, foreign production sites, or export activities. Country-specific requirements can be queried specifically and configured on a location-by-location basis – from national law to EU regulations and industry-specific standards. Yes. Unlike conventional AI solutions, the system does not use open internet sources and does not „hallucinate“ content. The AI works exclusively on the basis of a globally harmonised, structured legal database maintained for up to 120 jurisdictions. Decisions on applicability and obligations are transparently traceable, are made on a scenario-based approach and can be manually overridden at any time if necessary.

Yes. The AI-based legal cadastre is designed for cross-industry applicability and filters exactly the requirements from the large volume of regulations that match your industry, locations, and activities – whether manufacturing, trade, services, or hybrid models. By comparing structured data (e.g. WZ codes, plant types) and unstructured documents (e.g. product descriptions, guidelines), a precise, company-specific duty profile is created.

Small and medium-sized enterprises (SMEs) report time savings of between 3–4 hours per week per responsible person because manual legal research, maintenance of complex Excel lists, and monitoring of legislative changes are largely eliminated. Over the course of the year, this adds up to considerable resource savings, which can be invested in value-adding compliance activities and strategic projects instead of tedious work. Yes. The AI-based legal register is designed for cross-industry applicability and filters out precisely the requirements from the vast amount of regulations that are relevant to your economic sector, your locations, and your activities – whether production, trade, services, or mixed models. By comparing structured data (e.g., WZ codes, types of facilities) and unstructured documents (e.g., product descriptions, guidelines), a precise, company-specific duty profile is created.

Your AI-based legal register remains automatically up-to-date: The underlying legal database is updated daily, legislative changes are automatically recognised and included in the relevance check for your company profile. The continuous maintenance of the database is contractually guaranteed until at least 2029, providing you with long-term planning security and protection against outdated legal information in audits.

All data is stored exclusively on servers in Germany and processed in compliance with GDPR. Your sensitive company information will not be used for AI training purposes and will not be shared with third parties; the system is aligned with relevant security standards (e.g., ISO 27001 concept), thereby meeting the information security and data protection requirements of internationally operating medium-sized companies.

Only users authorised by your company with the appropriate roles and rights will have access. Typically, this includes management, compliance officers, department heads, or external advisors (e.g. law firms) to whom you consciously grant access rights. The platform operator does not have access to your content-related compliance data.

The AI-based legal register is operated in a highly secure cloud environment in Germany and undergoes regular security and penetration testing. Combined with GDPR compliance, role and rights management, and encrypted data transmission, this provides you with a solution that meets the requirements of modern IT and compliance audits.

The system is ready for use immediately after booking. Many customers do not have their own IT department, which is why the process has been deliberately streamlined: you gain access to the platform, set up your company profile and locations, upload documents – the rest is handled automatically by the AI.

No. The AI-based legal cadastre is a browser-based cloud solution and requires no local installation. Updates, new functions and extensions are automatically available without your internal IT needing to be involved. 

After your company data has been captured, the system initiates an initial regulatory check, which examines all relevant legal provisions in the selected jurisdictions. You will then see a structured legal register with classifications „applicable/not applicable“, clear justifications, and derived obligations that you can assign to responsible individuals and set deadlines for.

Because it's not set up like a classic project with months of workshops, Excel templates and consultant rounds, but as an ongoing, automated process. Pre-installed structures for management systems and legal areas, automated updates and integrated task management save you the effort of building your own error-prone structures.

Yes. During implementation and ongoing use, you will be supported by an expert team – from initial system configuration and training for responsible individuals to optimising AI-driven compliance processes. The goal is for you to exploit the full potential of the AI-based legal register for your individual compliance requirements.

Training materials and personal onboarding are available and can be included in the package. Additionally, in-depth training on legal foundations, internal processes, and optimal use of the AI-based legal register can be booked – particularly for roles such as Compliance Officers, Quality Management Representatives, and Environmental, Health & Safety, or Data Protection Officers.

Yes. Many companies use text modules and templates to transparently communicate the introduction of the AI-based legal register to management, employees, and auditors. These include, among others, templates for describing the legal register processes in the management system, notes for audit documentation, and guidelines for role and responsibility allocation.

Yes. Direct customer support is available for questions regarding usage, configuration, or evaluation. A portion of the support (e.g. onboarding, basic support) is typically included in the package price; further services (e.g. international rollouts, complex integrations or additional training) can be booked as needed.

The solution is designed for very high system availability and is continuously developed to optimise performance and functionality. Regular updates ensure that new regulatory requirements, further jurisdictions and additional functions are integrated into the platform without disrupting ongoing operations. 

Yes. Within the platform, help texts and tutorials are available, which answer frequently asked questions about operation in real time. This allows users to work independently and quickly in the AI-based legal cadastre without long training periods.

The Digital Compliance Office (DCO) is a secure, digital platform for building and managing your Information Security Management System (ISMS) according to ISO 27001, NIS2, GDPR, and TISAX, tailored precisely to the needs and requirements of medium-sized companies. 

The DCO enables you to build your ISMS in a structured and efficient way – with automated policies, risk management and audit preparation. The DCO is available independently as a cloud-based solution and is hosted in Germany. The data is securely located in the Microsoft Germany cloud. Only those authorised to access the system have access to the information.

An ISMS is a structured system that companies use to protect the confidentiality, integrity, and availability of information. It includes policies, processes, responsibilities, and technical measures. 

Companies need an ISMS particularly when they need to demonstrate ISO 27001 certification, have high data protection requirements (e.g. finance, healthcare, automotive industries), or must provide TISAX certifications as suppliers to large companies. An ISMS enables companies to meet compliance requirements, minimise risks, and demonstrably adhere to security standards. If information security and the reduction of liability risks are important to you, the DCO will support you with a simple and automated solution. 

Yes, by all means. To get an initial impression of the software, you can Book a no-obligation demo. For questions and a personal demonstration of the software, you can arrange a demo appointment directly with our information security experts. 

The DCO platform structures the setup in several steps and automates policies through intelligent questionnaires. The Navigator feature offers a self-guided customer journey for building your ISMS. Tasks are directly linked to the relevant ISO controls, significantly accelerating the certification process. 

You can build up your ISMS step by step: Assets (software, hardware, know-how, processes) are catalogued and classified according to their security needs. This results in risk management with treatment plans and risk assessment. Incidents are systematically documented and processed. For NIS2-relevant incidents, a reporting workflow is triggered, which reports to the BSI within 24 hours. 

The ISMS enables you to manage all security-relevant areas of your company. This includes risk management (identification, assessment, and treatment planning for security risks), audit management (support for internal audits and certification preparation), supplier compliance (vendor risk management), and audit-proof documentation. 

The platform offers policy management, asset and risk management, incident management, task and project management, and employee training features. You can individually determine which frameworks (ISO 27001, NIS2, TISAX, GDPR) you wish to implement.

The DCO supports the implementation and management of ISO 27001, TISAX, NIS2, DORA, and SOC2. Furthermore, controls for IT Baseline Protection and C5 are available. For data protection, GDPR and nDSG (Switzerland) are supported, and controls for BDSG and TTSG are also available. 

ISO 27001 is the internationally recognised standard for information security. Among other things, it requires an asset register, risk management, policies, training, internal audits, and continuous improvement processes. Several frameworks can be implemented simultaneously, as these are automatically linked to each other in the background, thus avoiding additional effort. 

The DCO is available as a flexible annual subscription that can be individually tailored to the size of your company and its compliance requirements. The solution is modularly expandable for additional compliance frameworks. 

Prices depend on the size of the company and its compliance requirements. There is an annual price indexation of 2.9% to account for the level of innovation and increasing requirements. Personalised advice is available for bespoke ISMS set-ups. 

The DCO is offered as an annual subscription with flexible upgrade options. Details regarding automatic renewal and cancellation periods are governed by the individual contract documents. 

The platform and content are available in German and English. Further language options can be requested for international requirements. 

In small companies, managing directors and IT managers often take on this role. Larger organisations have dedicated information security officers (ISOs). The responsibility is clearly defined through governance regulations. 

The DCO is particularly aimed at IT and compliance teams for centralised control of security processes, as well as managing directors and CISOs who want to reduce liability risks. Many companies also entrust this task to external consultants to ensure neutral processing. 

The DCO offers role-Based Access Control (RBAC), so that different user groups can be provided with differentiated rights. The specific number of user accesses included depends on the chosen license model and can be expanded if necessary. 

Yes, the DCO supports the integration of external consultants. With role-Based Access Control allows you to specifically set up access rights for external partners such as lawyers, tax advisors, or compliance consultants. Our TÜV or ISACA certified consultants can assist you in setting up the ISMS. 

Yes, the DCO offers integrated task and project management. This provides an overview of open tasks in information security. Tasks are directly linked to the relevant ISO controls. 

The DCO offers over 60 API integrations, including for Microsoft 365, Atlassian and ServiceNow. It has a REST API for integration with third parties. Furthermore, support for SIEM systems for security monitoring is provided. For Identity Access Management, SAML 2.0 and OpenID Connect supports, with integration to Microsoft Azure AD, Okta, and Google Workspace. 

The highest security for your data is a matter of course for us and an indispensable prerequisite for a successful ISMS. The DCO is GDPR-compliant and is hosted in the cloud by Microsoft Germany.

The cloud environment is highly available and ISO 27001-certified. AES-256 encryption is used for data at rest and TLS 1.2 encryption is used for data in transit. Daily automatic backups and disaster recovery mechanisms are in place. The platform achieves an annual average availability of 99.%.

ISMS data can only be viewed by authorised system users. The DCO is a multi-tenant system that provides logical and physical data separation. There is an authorisation concept with differentiated rights assignment and definition of user groups. 

Access control is handled via Role-Based Access Control (RBAC), Two-Factor Authentication (2FA), and Single Sign-On (SSO) through common identity providers. Only minimal administrator access accounts are established, and access permissions are regularly reviewed. 

The security of your system is our top priority. The DCO is developed in Germany and hosted on Microsoft Azure, with 99% uptime. Regular penetration tests (pentests) are carried out. 

Implemented security measures include: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), real-time monitoring and logging of all security-critical events, audit trails for compliance evidence. There are firewalls, antivirus software, automatic screen locking, endpoint encryption, and password policies. Incident response management is implemented from a process perspective. 

Small businesses require approximately 50 hours for implementation. Large businesses with over 200 employees require around 500 hours. The fastest complete implementation, including certification, was 12 weeks. 

The DCO significantly reduces internal workload and speeds up certification processes – up to 55% faster and 67% cheaper compared to traditional consultancy projects. Automation saves hundreds of hours of manual work, as guidelines, supporting evidence, tasks and version histories are automatically generated, linked and updated – without the need for Excel or Word documents. 

No, you do not need to install any software to use the DCO. It is a web-based application accessible via any browser. The system is cloud-based as softwareAsmit Software-as-a-Service (SaaS) bereitgestellt. 

The Navigator feature guides you self-directed through the customer journey for building your ISMS in 15 structured steps. Tasks are automatically generated and linked to the relevant ISO controls. You can view the status of your open tasks in the project management area at any time. 

The audit feature helps you identify security vulnerabilities. The platform supports you with internal audits and tracking measures for certification preparation. Executive reports give you an overview of progress. 

The DCO is designed as a „ready-to-go“ system and is immediately operational. The platform structures the setup in 15 steps and automates guidelines through intelligent questionnaires. You benefit from pre-installed, legally compliant structures for ISO 27001, NIS2, TISAX, GDPR, and other standards. 

Automated checks and documentation, a policy generator, and automated risk simulations drastically reduce manual effort. This eliminates the need for you to build your own structures, allowing you to get started immediately. 

Yes, the DCO offers Customer Success Support to guide you through the setup process. The software also empowers non-experts to implement their compliance projects independently. In this scenario, a Customer Success Manager will oversee your process. 

Furthermore, a training feature is included: InfoSec mandatory training for all employees directly on the platform. For NIS2, online training is offered for responsible managers. Dedicated expert support with a personal contact person and managed services can also be booked as an option. 

Yes, the DCO offers an integrated training feature with InfoSecMandatory training for all employees directly on the platform. The content is available in German and English. For NIS2 requirements, special online training will be offered for responsible managers.

There are three business models: 

  1. Self-service via the platform – with Customer Success Manager support for non-experts
  2. Expert-Guided with a personal consultant – dedicated expert support 
  3. Managed Service – our expert team implements for you

     

Additionally, An internal audit is bookable as an additional service, carried out independently by a separate team. Expert support for the first year provides professional guidance, instruction, and oversight in the establishment, implementation, and management of your ISMS by information security experts – unlimited within the framework provided by the platform.

There are various premium services: 

  • Additional compliance frameworks (NIS2, TISAX, ISO 27001) with policies, controls, and tasks 
  • Annual internal information security audit by certified experts 
  • Expert support for the first year – unlimited technical guidance 
  • Smart Audit – software-supported inventory to identify data protection risks with prioritised recommendations for action 
  • Vendor Risk Management for automated supplier assessments and compliance audits 

Yes, there is technical support via a ticketing system. The Comfort package includes access to certified information security experts, limited to 1 hour of service per month (hours do not roll over to subsequent months). 

Furthermore, Customer Success Support is available. The consultants are TÜV- or ISACA-certified. There is 24/7 monitoring and incident response with a response time of 2 hours for critical security incidents. 

The DCO offers an average annual system availability of 99%. Monitoring and incident response are provided 24/7. Scheduled maintenance windows take place outside business hours. 

Regular security updates and feature enhancements are carried out. The platform has a data backup concept with daily automatic backups, a recovery concept, and implemented disaster recovery mechanisms. A RAID system, UPS, fire alarm system, and backup strategy with disk mirroring are in place. 

Yes, there is a quarterly compliance newsletter. In addition, there is an information security seal for your website. Executive reports will keep you informed about the status of your ISMS.