“With DataGuard, we were able to prepare for the TISAX® re-audit within just one month, systematically resolve all deviations, and build on our existing ISMS. The clear structure, close coordination, and deep expert knowledge were key to our success.”
Michael Wulfert
Head of IT-Infrastructure
Windhoff Software Services is an IT consulting company with 280 employees and more than 25 years of experience delivering complex IT projects. The company supports organizations across industries throughout Germany, from mid-sized businesses to large enterprises. Its core focus areas include Data & Analytics and Software Engineering, supported by end-to-end services ranging from consulting and concept development to high-quality technical implementation, both on-site and remote.
Location
Germany
Company size
Small & medium business
Industry
Tech
Product
Security
Windhoff Software Services is an IT consulting company with around 280 employees. The company has no fixed industry focus, but works with demanding clients from automotive, healthcare, and the public sector. Information security is a core part of its business model.
When a re-audit for TISAX® and ISO 27001 certification were scheduled almost in parallel, Windhoff Software Services knew they had to deliver a structured implementation in a very short time without losing sight of day-to-day operations.
Windhoff Software Services has been TISAX® certified since 2019. During the re-audit in autumn, it became clear that individual deviations needed to be addressed within a very short timeframe. With the follow-up audit date already scheduled, only around one month remained to implement the necessary measures.
At the same time, Windhoff committed to completing an ISO 27001 certification within the same year at the request of a customer. Stage 1 and Stage 2 audits were also scheduled at short notice, without increasing internal headcount.
As a result, the company faced several parallel challenges:
Re-audit for TISAX® within four weeks
ISO 27001 Stage 1 and Stage 2 audits within the same year
An existing ISMS that had grown over many years and needed to be structured
Excel-based risk management that was impractical for workshops and reviews
One responsible person managing most of the implementation alongside daily operations
No room for iterations or extended preparation phases
While other providers estimated at least six months for a comparable ISO 27001 project, Windhoff needed to become operational within a significantly shorter time.
Windhoff chose DataGuard to implement the closely scheduled certifications in a structured way under significant time pressure. The key factor was the combination of deep expertise, a clearly structured platform, and the ability to guide a time-critical certification project efficiently and successfully.
For the upcoming re-audit for TISAX®, Windhoff and DataGuard deliberately followed a focused approach: build on existing security structures, prioritize deviations, and address them consistently within four weeks.
DataGuard supported Windhoff in the following ways:
Pragmatic start without a restart
Building on the existing ISMS instead of forcing an immediate migration
Close coordination with short cycles
Regular sessions with the DataGuard expert to enable fast decisions and clear priorities
Clear corrective action plan to achieve re-certification in 4 weeks
Used as the central working basis to resolve specific deviations
Ready-to-use templates
To enable fast, standard-compliant implementation
This approach allowed Windhoff to close all deviations within four weeks and successfully complete the re-audit for TISAX®.
While the re-audit for TISAX® was wrapping up, Windhoff had already begun implementing ISO 27001 requirements using the DataGuard platform.
The focus areas included:
Structured risk management
Replacing complex Excel lists with a platform-based solution suitable for workshops
Targeted policy adjustments
Aligned with DataGuard templates and ISO structure
Centralized asset management
Asset management fully built within the platform and documented in an audit-ready manner
Internal audits with audit simulations
Clear orientation through focused preparation for specific clauses and controls
The result was full transparency, clearly defined to-dos, and confidence ahead of the audits.
Through close collaboration with DataGuard, Windhoff Software Services achieved several goals in a short period of time—operationally, organizationally, and commercially.
All non-conformities were addressed systematically within one month
Re-audit completed on time without new deviations
Clear prioritization instead of isolated, ad-hoc measures
Successful achievement of ISO 27001 certification in record time
Clear structure through risk management, policies, and asset management in the platform
Internal audits provided realistic audit simulations and confidence
Excel-based processes replaced with a central, maintainable structure
Clear to-dos instead of fragmented parallel workstreams
Certifications delivered efficiently and within a very short timeframe
Retention of existing customer relationships
Fulfillment of concrete customer requirements from automotive, healthcare, and the public sector
Greater planning certainty through transparent costs and clear responsibilities
After the ISO audit in 2025, Windhoff plans to migrate its entire ISMS into the DataGuard platform. This includes:
Migrating all existing policies into the platform
Ongoing use of risk management and asset management
Regular internal audits and risk workshops
Gradual expansion of Academy usage
From 2026 onwards, Windhoff aims to move further into steady-state operations—not just passing certifications but embedding them into everyday practice. DataGuard will continue to support this journey closely and ensure that information security remains anchored and sustainable.
_EasiestSetup_EaseOfSetup.svg)
TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide Software-as-a-Service and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.
All data provided is for information only, based on internal estimates. This information is not indicative of KPIs, and is not given with any warranties or guarantees, expressly stated or implied in relation to accuracy and reliability.
{
"@context": "https://schema.org",
"@graph": [
{
"@type": "Organization",
"@id": "www.dataguard.com#organization",
"name": "DataGuard",
"legalName": "DataCo GmbH",
"description": "DataGuard, the European leader in security and compliance software, is trusted by more than 4,000 organizations across 50+ countries. We help you identify and manage your security and compliance risks and fast-track your certifications and compliance by combining expert consultancy with AI-powered automation. Our purpose-built, all-in-one platform is developed with the experience of over 1.5 million total hours by a team of certified security and compliance experts.",
"foundingDate": "2018",
"taxID": "DE315880213",
"logo": "https://7759810.fs1.hubspotusercontent-na1.net/hubfs/7759810/DataGuardLogo.svg",
"url": "www.dataguard.com",
"email": "info@dataguard.de",
"telephone": "+49 89 452459 900",
"address": {
"@type": "PostalAddress",
"streetAddress": "Sandstrasse 33",
"addressLocality": "Munich",
"addressRegion": "Bavaria",
"postalCode": "80335",
"addressCountry": "Germany"
},
"sameAs": [
"https://www.linkedin.com/company/dataguard1/",
"https://www.youtube.com/channel/UCEQzPZ6sCBCj9cAoBvaLL6w",
"https://x.com/i/flow/login?redirect_after_login=%2FDataGuard_dg"
]
}
]
}✅ Organization schema markup for "DataGuard" has been injected into the document head.