ISMS & NIS-2 for Web Agencies

Information security. Without bureaucracy.

For teams who build websites – not paperwork.

I make your agency NIS-2 ready: a lean ISMS, clear processes and clean documentation. Audit-ready, easy to understand and actually usable in day-to-day work – without corporate overhead and without consultant theatre.

Clear focus: web agencies, freelancers and small IT providers.

Positioning

Why work with me?

I don’t sell theory – I build systems that work.

Most ISMS offerings are built for large enterprises: heavy, abstract and far away from how a web agency actually works. I come from real practice: hosting, code, deployments, outages, clients writing on Sunday night.

That’s why I built a lean ISMS-Light specifically for web agencies and small IT teams – designed to support you, not slow you down.

Clarity instead of consultant buzzword bingo.

You don’t get 200 pages of concept nobody reads. You get clear decisions, simple processes and templates that hold up when things go wrong.

No artificial panic, no discount tricks, no marketing fireworks. Just honest, effective work.

What you get

What you actually get

1. Risk analysis – web agency edition

  • Focus on websites, hosting, deployments and client data
  • Typical scenarios: outages, data loss, attacks, misconfigurations
  • Lean risk matrix – audit-ready and easy to explain

2. Incident & Emergency Management that works

  • Practical incident form (e.g. ProcessWire-based)
  • Clear escalation paths and a simple 72-hour logic
  • Templates for client communication and internal documentation

3. Minimal ISMS for Agencies

  • Around 20 policies – not 200
  • Built for teams of roughly 1–12 people, not enterprises
  • Focus on access, passwords, updates, backups and subcontractors

4. Technical & organisational tools

  • Standards for hosting, deployments, admin access and monitoring
  • Requirements and checklists for freelancers and external developers
  • Base dashboard (e.g. Filament / ProcessWire) for risks, actions and incidents

Who it’s for

Who is this for?

This is for businesses that actually build digital projects – not corporate departments pushing slides.

  • web agencies and digital studios
  • freelancers responsible for hosting and operations
  • small IT providers and system houses

If you run client projects, handle data and sit in supply chains affected by NIS-2, you’re in the right place.

Not suitable if …

  • you are a large enterprise with complex governance
  • you mainly want to debate ISO certificates
  • you primarily want another PowerPoint slide for reporting

Self-check

Check: Do you really need me – or can you still get away with muddling through?

NIS-2, ISMS and security questions from clients – most agencies push this aside until someone turns up the pressure.
Go through these questions honestly once more. The more “yes” answers, the more sense a conversation makes.

A. Clients & projects

B. Tech & operations

C. Organisation & responsibility

Investment

Pricing – clear and without games

No inflated headline price. No “only today” offer. Just a transparent price for real work.

ISMS-Light & NIS-2 setup for agencies
fixed price
€1,990 per year (or €190 per month)
  • full package including risk analysis, incident management and policies
  • templates, checklists and technical standards
  • support during implementation and adaptation to your daily work

Prices excl. VAT – no hidden add-ons and no forced renewals.

Request a non-binding consultation

Process

How the process works

Step 0: Intro call (approx. 30 minutes)

In the intro call there is no audit, no interrogation and no blame. We clarify three things – in about 30 minutes:

  1. Where do you stand today?
    A quick overview of your role (agency, freelancer, subcontractor), typical clients and current problem areas.
  2. What actually hurts?
    NIS-2, security questionnaires, nervous clients, messy structures – we sort what is real risk and what is just noise.
  3. What is a sensible next step?
    Either a clear “You don’t need me (yet).” Or a concrete proposal for what an ISMS-Light or a NIS-2 setup could look like for you.

Step 1

Short initial call

In 30–45 minutes we clarify your current setup, your key clients and your pressure points (NIS-2, client requirements, insurers, etc.).

Step 2

Sorting risks & priorities

We identify key assets, risks and minimum standards – based on your real work, not on theory.

Step 3

Build documentation & processes

You receive templates, policies and workflows which we tailor and sharpen together.

Step 4

Put it into daily practice

We anchor the system in your daily routine: clear responsibilities, short routines, simple checks.

Next step

Contact

You don’t want panic about NIS-2, paperwork or consultant theatre? Then let’s talk.

Or contact me directly via email or phone:
Email: heyne@henning-heyne.de
Phone: +49 160 911 57 011