Skill ── CYBER COMPLIANCE

IT security and compliance on a consolidated data foundation.

IT security and compliance aren’t an annual audit sprint — they’re an ongoing operation. We consolidate the data flows from your operational source systems and lay the path to answers that are evidenced in five minutes, not after a three-week Excel marathon.

Does this sound familiar?

  • Compliance at your organization runs as an annual audit sprint, with two officers reconciling Excel tables for three weeks — instead of as a continuous operation on a data foundation.
  • A critical vulnerability is reported. The right business unit and asset owner only become clear after research — not in five minutes.
  • The question “which applications, in which contexts, using which crypto algorithms?” has no answer that’s verifiable in half an hour today.
  • Vendor self-disclosures sit in 14 Excel variants — every vendor with their own questionnaire, every answer to be checked separately.

If more than two of these apply, a conversation is worth it.

Audit-proof, on-premise-capable, open source as the foundation — no vendor lock-in over regulated data. You run the audit, we provide the foundation for it.

What we deliver.
  • Asset consolidation across all sources: Multiple CMDB sources, scanners, ratings, VMS ticketing systems — each with its own truth about the same assets. We bring them together into a master view through configuration (not code releases), with asset relationships as a graph, searchable from business level down to infrastructure.
  • Vendor and business-unit evaluation on one platform: Third-party risk for vendors and maturity assessment of internal units on the same component — standardized self-assessments, configurable scoring, full audit trail. One data model, many evaluation grids.
  • Software supply chain and crypto transitions: SBOM-driven vulnerability view across the supply chain, continuous crypto and algorithm inventory, paths into upcoming post-quantum requirements. The data foundation that tells you what's in the system and what the path to the target state looks like.
News ── Cyber Compliance: Insights & Case Studies (4 posts)
A DORA register, not a DORA tool
Cybercompliance ── 2026-05-20

A DORA third-party register doesn't require its own software, but a configured evaluation grid on a platform that scores partners and business units anyway. How a register is mapped onto OpenScorecard — and why the audit mode changes in the process.

Mosaic — asset intelligence
Cybercompliance ── 2026-05-13

Mosaic consolidates IT asset, security, vendor and SBOM data from over 20 sources into an auditable asset graph. With a built-in AI layer for correlation and compliance statements. Apache 2.0, exit-ready, on-premise-capable.

From audit marathon to reporting pipeline
Cybercompliance ── 2026-05-06

Asset inventory in twenty sources, scorings in scattered spreadsheets, compliance statements without a continuous audit path. A consolidated platform layer changes more than the effort — it changes the mode in which audits run.

Tamper-evident audit trail in practice
Cybercompliance ── 2026-04-08

Classical logging is no longer enough for modern compliance requirements. Hash chain plus RFC 3161 timestamps anchor data cryptographically — against later manipulation and against 'who knew what when' debates.
