What is the Gap-to-Certified lifecycle?

It is our proprietary methodology that takes companies from their current security posture to full certification (TISAX, ISO27001) by identifying gaps, implementing controls, and supporting the final audit.

Do you offer outsourced CISO roles?

Yes, we provide outsourced CISO, DPO, and ISMS Manager roles to help organizations maintain compliance without the overhead of full-time executive hires.

How long does TISAX labeling usually take?

The timeline varies based on maturity, but typically ranges from 4 to 9 months including gap analysis, implementation, and the final assessment audit.

Home/Services/Training & Courses

How We Can Help You

Training & Courses.

Compliance frameworks only work when the people responsible for them actually understand them. Our training programmes build genuine framework expertise — for security managers, auditors, executives, and IT teams.

Framework-expert trainers with practitioner experienceIndustry-specific courses for Automotive and Defence sectorsAvailable in-person, remote, or blended format

Build the Expertise Your Compliance Requires

The compliance gap is often a knowledge gap. Companies implement frameworks with external consultants, then fail to maintain compliance because their own team doesn't understand what they're running. This is particularly acute with TISAX (3-year recertification cycle) and ISO27001 (annual surveillance audits). Frameworks that require continuous, informed operation.

ITIS-Secure training is delivered by practitioners. People who have run TISAX assessments, conducted ISO27001 audits, and implemented NIS2 programmes for real organisations. Not academics. Not slide-deck readers. People who've seen what auditors look for and what causes non-conformities.

Whether your team needs a half-day awareness session or a full 3-day auditor certification programme, we build and deliver the course around your frameworks, your industry, and your timeline.

Training programmes available

Delivery formats

5–25

Participants per session

Our Training Programmes

Expert-led courses covering the frameworks that matter most to your industry and certification goals.

ISO27001 / ISMS Training

1–3 daysIn-person / Remote / Blended

Information Security Managers, IT Directors, Quality Managers

ISO27001:2022 standard structure and requirements
Building and maintaining an ISMS
Risk assessment methodology
Conducting internal audits
Preparing for external certification
Managing nonconformities and corrective actions

Request ISO27001 Training →

TISAX Awareness & Preparation

1–2 daysIn-person / Remote

IT teams, Quality departments, Management at automotive suppliers

VDA ISA 6.0 structure and control domains
TISAX AL1 / AL2 / AL3 differences
Evidence requirements and common non-conformities
How TISAX assessments work
Prototype protection requirements
Practical session: self-assessment walkthrough

Request TISAX Training →

NIS2 Directive Training

1 dayIn-person / Remote

C-Suite, Security Managers, Compliance Officers

NIS2 scope — essential vs. important entities
10 minimum security measures
Incident reporting obligations and timelines
Supply chain security requirements
Penalties and management liability
Gap assessment workshop

Request NIS2 Training →

GDPR & Data Privacy

Half-day to 1 dayIn-person / Remote

DPOs, HR, Marketing, Legal, IT teams

GDPR key principles and lawful bases
Data subject rights and how to handle requests
Data breach notification procedures
DPIA methodology
Vendor and processor management
Records of processing activities

Request GDPR Training →

Bespoke In-House Training

CustomIn-person preferred

Any team, any framework

Fully tailored curriculum to your frameworks and industry
Board-level awareness through to hands-on technical workshops
Real examples drawn from your environment
Gap-specific training based on audit findings
Train-the-trainer programmes available
Post-training assessment and certification of completion

Discuss Bespoke Training →

Training Formats

In-Person

Teams that benefit from interactive exercises and group discussion. Hands-on workshops and assessment simulations. We travel to your location anywhere in Europe.

Remote / Virtual

Distributed teams, international organisations, or when time constraints make travel impractical. Full course content delivered via video conference with interactive elements.

Blended

Larger organisations rolling out compliance awareness across multiple sites or departments. Self-paced online modules combined with live sessions for Q&A and practical exercises.

Who Should Attend?

Information Security Managers

Build the technical framework knowledge to implement and maintain certification programmes independently.

C-Suite & Board

Understand your legal obligations, management responsibilities, and what it means when your auditor calls.

Internal Auditors

Develop the skills to run a credible internal audit programme that genuinely prepares your organisation for external assessment.

IT Teams

Understand the technical controls your certification requires and how to implement and evidence them correctly.

Compliance & Legal Teams

Navigate GDPR, NIS2, DORA, and ITAR with the depth needed to advise leadership and manage regulatory risk.

How Our Training Works

From needs assessment to delivery and follow-up, every programme is structured to maximise knowledge transfer and practical application.

Needs Assessment

We identify your team's skill gaps, target frameworks, and learning objectives.

Curriculum Design

We build or tailor the programme to your industry, frameworks, and specific requirements.

Delivery

Expert-led sessions with interactive exercises, real-world scenarios, and practical workshops.

Follow-Up

Certificates of completion, post-training resources, and ongoing support for implementation.

Frameworks We Train On

Our training programmes cover the full spectrum of information security and compliance frameworks.

ISO27001 TISAX NIS2 DORA GDPR NIST 800-171

Frequently Asked Questions

Build a Team That Owns Your Compliance.

External consultants can implement a framework. Only your team can maintain it — and that requires real knowledge, not a certificate on the wall.