Information security law attorney

Information security law

Systematic security: obligations, measures and evidence.

We structure information security in a legally compliant manner, covering everything from governance and ISMS to contracts, supply chains and incident response. All of these areas are tested against NIS2, ISO 27001 and BSI requirements.

Arrange an initial consultation

Challenges

Common pitfalls in information security

  1. Regulatory framework (BSIG, NIS2, DORA, CRA, KRITIS)
    Which requirements apply to your company? From when? With what evidence? What are the supervisory requirements?
  2. Roles, responsibilities & governance
    Clearly define and implement the organisation, responsibilities, policies and controls of information security.
  3. Supply chain & contracts
    Include security obligations, audit rights, minimum standards and reporting channels in service provider, cloud & outsourcing contracts.
  4. Incident management & reporting obligations
    Incidents must be detected, handled, and reported in a timely manner, including forensics, communication, and lessons learned.
  5. Technical and organisational measures & evidence
    Keep technical and organisational measures (TOM), training, tests (e.g. ransomware readiness) and documentation consistent and verifiable.

Relevance

Who we help and why

For CISOs, in-house lawyers, medium-sized businesses and KRITIS companies: we simplify information security law, providing clear obligations, robust contracts and resilient processes.

CISO

We define governance, roles and reporting, embedding evidence in your processes.

CISO

We need to implement NIS2/DORA, but we lack clear responsibilities and reliable evidence.

In-house lawyers

We incorporate security, audit and incident management rules into the contracts of your suppliers and partners.

In-house lawyers

We need contract clauses on security, auditing and reporting that are effective in practice.

Medium-sized companies

We establish practical and quickly applicable reporting channels, emergency plans and evidence gathering procedures.

Medium-sized companies

We want to ensure that we operate in a compliant and liability-proof manner, even in the event of a ransomware incident.

KRITIS companies

We map your organisation's requirements and create a suitable set of controls and evidence.

KRITIS companies

We must ensure that our outsourcing, operations and testing processes comply with regulatory requirements.

How we advise you

Clarity instead of risk: systematic security

Our information security law consulting services:

  1. Regulatory mapping & applicability: classification of BSIG, NIS2, DORA, CRA and KRITIS; obligations and schedule.
  2. Information security governance & policies: roles, guidelines, controls, training and continuous improvement.
  3. Risk management & ransomware readiness: risk analysis, action plans, testing and resilience.
  4. Incident response & reporting procedures: processes, deadlines, forensics, communication and lessons learned.
  5. Supply chain & cloud/outsourcing contracts: security requirements, audit rights, SLA and reporting clauses.
  6. Technical & organisational measures (TOM): definition; proof of effectiveness; audit trails.
  7. Compliance documentation & audit readiness: registers, reports, board templates and audit documents.
  8. Awareness & training: target group-specific training (management, IT and specialist departments).
  9. Interfaces with data protection, IT & competition law: coordinated rules for data, products and presence.
  10. Support during proceedings: communication with supervisory authorities/BSI; statements; defence/rebuttal.

Your result

Clear measures, secure contracts, tangible solutions

You know what applies

We map requirements such as NIS2, DORA, CRA and KRITIS to your organisation and derive the relevant obligations and deadlines.

Your organisation is ready

We define governance, roles, policies and controls and document them clearly.

Your contracts provide security

We incorporate security, audit and reporting obligations into contracts with cloud and service providers.

You respond confidently to incidents

We set up reporting channels, emergency processes and procedures for gathering evidence.

Your evidence will pass audits

We organise registers, reports and artefacts for internal and external audits.

Your risk decreases measurably

We prioritise measures, test ransomware readiness and close any gaps.

Free initial consultation

Prioritise your IT security in 30 minutes

Arrange your consultation today

We provide a clear overview of the scope of application, the most pressing gaps and the initial measures in a concise and practical manner.

Raphael Jünemann
Lawyer, Senior Associate | Berlin

Intro

Our motto: secure, radical, digital

SRD is the boutique law firm for digital projects, supporting you from kick-off to go-live. We combine technical innovation with compliance and create radically clear legal room to manoeuvre for your project.

Contact us

Your experts for information security law

Raphael Jünemann

Lawyer, Senior Associate | Berlin

Dr. Jan Scharfenberg, LL.M. (Stellenbosch)

Lawyer | Berlin

Simone Rosenthal

Lawyer, Partner | Berlin

Bye, bye legal Standby

There's no need to wait for the legal team – we provide clarity at the pace of your project.