How do we start working with SecTepe?

All engagements start with a free initial conversation. You then receive an offer with a clear scope of effort, timeline and outcomes. On request we start with a small pilot to build trust and experience our delivery before moving into full implementation.

What company sizes and sectors do you support?

We work with small and mid-sized businesses as well as with corporate divisions and operators of critical infrastructure (KRITIS). Our core sectors are manufacturing, trades, healthcare, financial services, energy providers, public sector and the DACH mid-market.

Do you work on site, remotely or hybrid?

Both. Assessments, consulting and most managed services run remotely from our German data centres. For on-site work (workshops, training, incident response) we are primarily active in North Rhine-Westphalia, the Rhineland and the Ruhr area and extend our radius as needed.

Which standards and regulations do you cover?

We work to ISO 27001:2022, BSI IT-Grundschutz, TISAX, B3S KRITIS, NIS2, DORA and sector-specific requirements. Our methodology is grounded in recognised frameworks such as NIST CSF, MITRE ATT&CK, OWASP and OSSTMM, combined tailored to each project.

How do you protect the confidentiality of my data?

Confidentiality is anchored contractually and technically. Before every engagement we sign a mutual non-disclosure agreement, data is processed exclusively in German data centres, access is governed by zero-trust policies with multi-factor authentication, and all employees are contractually and GDPR-compliant bound to confidentiality.

SecTepe.Core

Multi-Framework

Multi-Framework Assessments & automated roadmaps

A single assessment covers every relevant framework at once. Gap analyses, maturity scoring and an automatically generated roadmap bring clarity to complex compliance landscapes.

Request a demo

What you get

NIS2, GDPR & ISO 27001:2022
BSI IT-Grundschutz & SOC 2
HIPAA, PCI DSS, DORA
Cross-control mapping
Automated roadmap
CSV / PDF export

Features at a glance

All the building blocks you need for an efficient multi-framework assessment – in one platform.

Gap Analysis Engine

Automated comparison of the current state with target controls per framework – including a detailed deviation report.

CMMI Maturity Model

Maturity scoring from 1 to 5 – transparent, comparable and a solid base for strategic planning.

Roadmap Generator

Gaps turn into a prioritised implementation roadmap with effort estimates and milestones – automatically.

Framework Mapping

One piece of evidence, many frameworks: controls are mapped automatically to NIS2, ISO, SOC 2 and more.

Evidence Collection

Central repository for all evidence – linked to controls, versioned and with automatic expiration reminders.

Audit-ready Reports

PDF and CSV exports auditors accept – complete with logos, timestamps and signatures.

Your benefits

Instead of running parallel assessments for each framework, you run a single assessment that covers every relevant standard at once. This saves time, reduces effort and delivers consistent results.

Up to 70% less effort compared with isolated assessments
Consistent evaluation across every framework
Tamper-evident history of every assessment
Prioritised roadmap with built-in effort estimates
Ready-to-use templates for every major standard

Use cases

Initial NIS2 assessment

Critical infrastructure operators run an initial situation review and identify mandatory controls.

ISO 27001 certification prep

Gap analysis against ISO 27001:2022 plus a generated implementation plan including the Statement of Applicability.

Parallel compliance with several standards

SaaS providers cover SOC 2, ISO 27001 and GDPR in one consolidated process.

Annual reassessment

Yearly re-evaluation of every control with delta analysis versus the previous year and automated reporting.

Ready for multi-framework assessments?

See in a personal demo how SecTepe.Core consolidates and accelerates your compliance landscape.

Request a demo Back to SecTepe.Core

How we work with you

We treat every engagement as a long-term partnership rather than a one-off delivery. Our approach is organised into four clear phases so that you always know what happens when, who owns which responsibility and which outcomes you can expect.

1. Free initial conversation

We learn about your starting position, your goals and the constraints you operate under. In 30 to 45 minutes we check whether our offering fits your situation, outline possible paths and answer your questions – no obligation attached.

2. Structured assessment

We capture the current state systematically – technically, organisationally and in regulatory terms. You receive a prioritised assessment that clearly names strengths, gaps and action areas and forms the basis for a robust offer.

3. Delivery with a dedicated lead

A senior lead guides you through the delivery with clear milestones, transparent effort and cost planning and a weekly status. All results are documented and remain fully owned by you.

4. Continuous operations & review

After project close, we stay alongside you in operations – via managed-service components, regular reviews, action tracking and proactive recommendations on new threats, regulatory changes or technology shifts.

Frequently asked questions about our services

The questions we are most often asked in first conversations – answered concisely. For anything else, our team is available at hello@sectepe.de or by phone at any time.

How do we start working with SecTepe?: All engagements start with a free initial conversation. You then receive an offer with a clear scope of effort, timeline and outcomes. On request we start with a small pilot to build trust and experience our delivery before moving into full implementation.
What company sizes and sectors do you support?: We work with small and mid-sized businesses as well as with corporate divisions and operators of critical infrastructure (KRITIS). Our core sectors are manufacturing, trades, healthcare, financial services, energy providers, public sector and the DACH mid-market.
Do you work on site, remotely or hybrid?: Both. Assessments, consulting and most managed services run remotely from our German data centres. For on-site work (workshops, training, incident response) we are primarily active in North Rhine-Westphalia, the Rhineland and the Ruhr area and extend our radius as needed.
Which standards and regulations do you cover?: We work to ISO 27001:2022, BSI IT-Grundschutz, TISAX, B3S KRITIS, NIS2, DORA and sector-specific requirements. Our methodology is grounded in recognised frameworks such as NIST CSF, MITRE ATT&CK, OWASP and OSSTMM, combined tailored to each project.
How do you protect the confidentiality of my data?: Confidentiality is anchored contractually and technically. Before every engagement we sign a mutual non-disclosure agreement, data is processed exclusively in German data centres, access is governed by zero-trust policies with multi-factor authentication, and all employees are contractually and GDPR-compliant bound to confidentiality.

Book a conversation