
Windhoff Software Services: TISAX® in one month, ISO 27001 in record time with DataGuard

“With DataGuard, we were able to prepare for the TISAX® re-audit within just one month, systematically resolve all deviations, and build on our existing ISMS. The clear structure, close coordination, and deep expert knowledge were key to our success.”


Michael Wulfert

Head of IT-Infrastructure

Windhoff Software Services

Windhoff Software Services is an IT consulting company with 280 employees and more than 25 years of experience delivering complex IT projects. The company supports organizations across industries throughout Germany, from mid-sized businesses to large enterprises. Its core focus areas include Data & Analytics and Software Engineering, supported by end-to-end services ranging from consulting and concept development to high-quality technical implementation, both on-site and remote.

Location: Germany

Company size: Small & medium business

Industry: Tech

Product: Security

Re-audit for TISAX® and ISO 27001: becoming audit-ready under time pressure

Windhoff Software Services is an IT consulting company with around 280 employees. The company has no fixed industry focus, but works with demanding clients from automotive, healthcare, and the public sector. Information security is a core part of its business model.

When a re-audit for TISAX® and ISO 27001 certification were scheduled almost in parallel, Windhoff Software Services knew they had to deliver a structured implementation in a very short time without losing sight of day-to-day operations.

Challenge

Windhoff Software Services has been TISAX® certified since 2019. During the re-audit in autumn, it became clear that individual deviations needed to be addressed within a very short timeframe. With the follow-up audit date already scheduled, only around one month remained to implement the necessary measures.

At the same time, Windhoff committed to completing an ISO 27001 certification within the same year at the request of a customer. Stage 1 and Stage 2 audits were also scheduled at short notice, and all of this had to be achieved without increasing internal headcount.

As a result, the company faced several parallel challenges:

  • Re-audit for TISAX® within four weeks

  • ISO 27001 Stage 1 and Stage 2 audits within the same year

  • An existing ISMS that had grown over many years and needed to be structured

  • Excel-based risk management that was impractical for workshops and reviews

  • One responsible person managing most of the implementation alongside daily operations

  • No room for iterations or extended preparation phases

While other providers estimated at least six months for a comparable ISO 27001 project, Windhoff needed to become operational within a significantly shorter time.

Solution

Windhoff chose DataGuard to implement the closely scheduled certifications in a structured way under significant time pressure. The key factor was the combination of deep expertise, a clearly structured platform, and the ability to guide a time-critical certification project efficiently and successfully.

TISAX®: structured remediation under intense time pressure

For the upcoming re-audit for TISAX®, Windhoff and DataGuard deliberately followed a focused approach: build on existing security structures, prioritize deviations, and address them consistently within four weeks.

DataGuard supported Windhoff in the following ways:

  • Pragmatic start without a restart
    Building on the existing ISMS instead of forcing an immediate migration

  • Close coordination with short cycles
    Regular sessions with the DataGuard expert to enable fast decisions and clear priorities

  • Clear corrective action plan to achieve re-certification in 4 weeks
    Used as the central working basis to resolve specific deviations

  • Ready-to-use templates
    To enable fast, standard-compliant implementation

This approach allowed Windhoff to close all deviations within four weeks and successfully complete the re-audit for TISAX®.

ISO 27001: preparation alongside the re-audit

While the re-audit for TISAX® was wrapping up, Windhoff had already begun implementing ISO 27001 requirements using the DataGuard platform.

The focus areas included:

  • Structured risk management
    Replacing complex Excel lists with a platform-based solution suitable for workshops

  • Targeted policy adjustments
    Aligned with DataGuard templates and ISO structure

  • Centralized asset management
    Asset management fully built within the platform and documented in an audit-ready manner

  • Internal audits with audit simulations
    Clear orientation through focused preparation for specific clauses and controls

The result was full transparency, clearly defined to-dos, and confidence ahead of the audits.

Results 

Through close collaboration with DataGuard, Windhoff Software Services achieved several goals in a short period of time—operationally, organizationally, and commercially.

Re-audit for TISAX® successfully completed

  • All non-conformities were addressed systematically within one month

  • Re-audit completed on time without new deviations

  • Clear prioritization instead of isolated, ad-hoc measures

ISO 27001: audit-ready in a short timeframe

  • Successful achievement of ISO 27001 certification in record time

  • Clear structure through risk management, policies, and asset management in the platform

  • Internal audits provided realistic audit simulations and confidence

More structure with the same resources

  • Excel-based processes replaced with a central, maintainable structure

  • Clear to-dos instead of fragmented parallel workstreams

  • Certifications delivered efficiently and within a very short timeframe

Business impact

  • Retention of existing customer relationships

  • Fulfillment of concrete customer requirements from automotive, healthcare, and the public sector

  • Greater planning certainty through transparent costs and clear responsibilities

What’s next? 

After the ISO audit in 2025, Windhoff plans to migrate its entire ISMS into the DataGuard platform. This includes:

  • Migrating all existing policies into the platform

  • Ongoing use of risk management and asset management

  • Regular internal audits and risk workshops

  • Gradual expansion of Academy usage

From 2026 onwards, Windhoff aims to move further into steady-state operations: not just passing certifications but embedding them into everyday practice. DataGuard will continue to support this journey closely and ensure that information security remains anchored and sustainable.

