ISMS Management in one platform
SecTepe.Core brings every ISMS building block into one platform: assets, risks, policies, controls and audits – versioned, linked and always audit-ready.
What you get
- Asset lifecycle
- Risk register with CVSS
- Policy repository
- Control monitoring
- Audit workspace
- Evidence linking
Features at a glance
Every ISMS building block in one integrated platform – from asset to audit.
Asset Lifecycle Management
Record, classify and track every asset across its entire lifecycle – from procurement to decommissioning.
Risk Register
Central risk register with CVSS scoring, heat map, treatment plans and an approval workflow.
Policy Management
Create, approve, publish and revise policies – including read receipts and automated review cycles.
Control Tracking
Monitor the operational state of every control with owners, evidence and automated reminders.
Audit Collaboration
Shared audit workspace for auditors, consultants and internal teams – with tasks, chats and an evidence vault.
Reporting & KPIs
Dashboards for management, audit and operations – with KPIs, trends and export capabilities.
Your benefits
A fragmented tool landscape slows your ISMS down. SecTepe.Core consolidates every module into one platform – so your team spends less time switching tools and more time on security.
- One source of truth for assets, risks and controls
- Linked data: evidence, risks and controls cross-reference each other
- Audit-ready thanks to full versioning and history
- Less manual work through automated reminders and workflows
- Transparent dashboards for management and audit
Use cases
ISO 27001 operations
Run the full Plan-Do-Check-Act cycle in a single tool – from risk treatment through management review.
Audit preparation
Provide auditors with a dedicated workspace complete with evidence, controls and audit trail.
Incident & risk follow-up
Feed incidents into the risk register automatically and track treatments through completion.
Management reporting
Monthly management reports with KPIs, open risks and control effectiveness – generated automatically.
Ready for integrated ISMS management?
See how SecTepe.Core streamlines your ISMS and keeps it audit-ready at all times.
How we work with you
We treat every engagement as a long-term partnership rather than a one-off delivery. Our approach is organised into four clear phases so that you always know what happens when, who owns which responsibility and which outcomes you can expect.
1. Free initial conversation
We learn about your starting position, your goals and the constraints you operate under. In 30 to 45 minutes we check whether our offering fits your situation, outline possible paths and answer your questions – no obligation attached.
2. Structured assessment
We capture the current state systematically – technically, organisationally and in regulatory terms. You receive a prioritised assessment that clearly names strengths, gaps and action areas and forms the basis for a robust offer.
3. Delivery with a dedicated lead
A senior lead guides you through the delivery with clear milestones, transparent effort and cost planning and a weekly status. All results are documented and remain fully owned by you.
4. Continuous operations & review
After project close, we stay alongside you in operations – via managed-service components, regular reviews, action tracking and proactive recommendations on new threats, regulatory changes or technology shifts.
Frequently asked questions about our services
The questions we are most often asked in first conversations – answered concisely. For anything else, our team is available at hello@sectepe.de or by phone at any time.
- How do we start working with SecTepe?
- All engagements start with a free initial conversation. You then receive an offer with a clear scope of effort, timeline and outcomes. On request we start with a small pilot to build trust and experience our delivery before moving into full implementation.
- What company sizes and sectors do you support?
- We work with small and mid-sized businesses as well as with corporate divisions and operators of critical infrastructure (KRITIS). Our core sectors are manufacturing, trades, healthcare, financial services, energy providers, public sector and the DACH mid-market.
- Do you work on site, remotely or hybrid?
- Both. Assessments, consulting and most managed services run remotely from our German data centres. For on-site work (workshops, training, incident response) we are primarily active in North Rhine-Westphalia, the Rhineland and the Ruhr area and extend our radius as needed.
- Which standards and regulations do you cover?
- We work to ISO 27001:2022, BSI IT-Grundschutz, TISAX, B3S KRITIS, NIS2, DORA and sector-specific requirements. Our methodology is grounded in recognised frameworks such as NIST CSF, MITRE ATT&CK, OWASP and OSSTMM, combined tailored to each project.
- How do you protect the confidentiality of my data?
- Confidentiality is anchored contractually and technically. Before every engagement we sign a mutual non-disclosure agreement, data is processed exclusively in German data centres, access is governed by zero-trust policies with multi-factor authentication, and all employees are contractually and GDPR-compliant bound to confidentiality.