The model begins with an analysis of the actual situation, which is procedured by an accredited consultant through a requirement analysis (questionnaire with 50 questions).

These questions concern:

  • General (e.g. size of business, number of employees…)
  • Organisational (e.g. directives, rules, instructions, responsibilities…)
  • Technical (e.g. actual IT-Systems, data backup, emergency planning…)
  • Law (e.g. Compliance and services of third parties…)


The questionnaire which is open to public can be ordered for free at

After the evaluation the accredited consultant works out an appropriate IT Security process for the company.

When the company reaches 75% of the requirements, the certificate can be issued.



After the successful implementation of ISA+Information-Security-Analysis the company receives a certificate “safe information” after ISA+ Information-Security-Analysis, valid for the next two years.