Consolidate your security
Security works when it’s coherent, not cobbled together. Address real threats, build processes that stick, and stand up to scrutiny.
We offer three models of engagement: we lead your security function, build a capability your team will run, or provide expert input on existing or upcoming work. Delivered remotely, with on-site presence for key milestones.
vCISO
from 4,900 €/mo.
Security leadership, strategy, and oversight
As your virtual (also known as fractional) Chief Information Security Officer, we take responsibility for security governance in your organization. This means owning strategy and policy, overseeing controls, vendors and third parties, supporting incident response at the governance level, and reporting to your management. Scope can be organization-wide or limited to a specific unit.
For organizations building software products, security leadership includes secure development governance. This is particularly relevant for teams facing CRA obligations.
Who is this for?
The service fits organisations where security has become a recurring topic. You manage security as a technological issue, but there is no dedicated program and security is not specifically addressed during strategic planning. Perhaps you’re preparing to close your first enterprise deal, or you’ve entered a regulatory scope and informal security management is not enough. You need someone competent to own the function, but you are not ready for a full-time executive.
If this scenario resonates with you, you’re in the right place.
With us you get…
Consistent security leadership and oversight, without hiring a full-time executive:
- External expertise and experience.
- Security strategy aligned with business objectives.
- Policies and controls tailored to your needs.
- A coherent program, instead of disconnected initiatives.
Governing security is primarily a risk governance function. If you lack the capability, we can help.
We’re not your best choice if…
While flexible, the service fits a particular profile. We’re upfront about where we’re not the right choice:
- You’re a large enterprise needing a full-time, on-site executive.
- You have security managed, but you lack technical capacity such as penetration testers or SOC analysts.
- You want someone to rubber-stamp decisions rather than challenge them.
ISMS Implementation
from 45,900 €
Build a system compliant with ISO/IEC 27001
A project-based engagement to build or consolidate your information security management system (ISMS). We assess your current state, identify gaps, design controls and lead you through the complete process, including certification and preparing your team for ongoing operation.
- Built on experience, tailored to your context
- Risk-driven security that demonstrates diligence
- Certification-ready, without the consultant dependency
Who is this for?
Whether or not you are looking to get certified, this service is for organisations wanting to establish a proven framework for managing information security. Perhaps you’re entering a regulated market, a customer made it a requirement, your board wants to demonstrate maturity to investors, or you simply care and want to rely on proven methods. You manage the function, but need someone to establish the system.
Need only guidance?
from 9,100 €
If you already have internal capability and only need guidance on ISO/IEC 27001 requirements, we offer an advisory package in which you build the system at your own pace and we provide guidance as needed. This is based on our Review & Advice service below, but packaged to include an introduction to the framework, gap analysis, and regular check-ins.
Need something else?
If ISO/IEC 27001 certification is not your immediate priority, we can still help. Perhaps your focus is on meeting a specific regulation, or you want to establish baseline security using a control framework like CIS Controls. We can focus directly on your compliance target and implement lean ISMS processes that give you structure without the certification overhead. Get in touch and we’ll figure it out together.
Review & Advice
On-demand expertise for specific challenges
Sometimes you need focused support rather than a long-term engagement. A second opinion on your methodology, a gap analysis against a framework, a maturity benchmark, preparation for a customer audit, or guidance on a specific security decision. Scoped to what you need.
About us and our approach to security
NoFuss Consulting is an independent consultancy specialising in risk and security governance. We help organisations build and operate management systems appropriate to their needs, enabling due diligence through transparency and clarity.
While we have a strong technical background, years of experience in security have taught us that having a capable team or even management support is not enough. To be successful, security needs consistent governance through a management system that leads to continual improvement.
Governing security is primarily a risk governance function. Without integrating the management of security threats and opportunities together with other operational and strategic risks, security as a field has had to resort to fearmongering to get sponsorship. Sometimes this works, sometimes it doesn’t, and in either case it often impedes organisations from achieving their objectives efficiently. This is why we set out to help organisations build both their security and risk management capabilities, enabling them to make decisions based on genuine insight.
Credentials
Supported by our network
We work with a small network of trusted specialists who live up to our standards and can complement our services. These include lawyers focusing on EU privacy and data protection law, as well as IT architects, penetration testers and security engineers experienced in cloud and application security, who can be contracted on demand.


