Structural Drift
Dependencies across processes, IT systems, and stakeholders are notoriously difficult to maintain and sync.
The fastest path to IT-Grundschutz
Security concepts executed
with precision and consistency.
Pinnipedia accelerates BSI IT-Grundschutz workflows from weeks to hours for cybersecurity consultants.
Germany-based
Telekom Cloud
Human-in-control
Audit-ready
The Problem
Manual modeling is the bottleneck
Security projects stall when dependencies and mappings must be maintained across incomplete, evolving documentation.
Propagation Errors
Propagating Protection Needs (CIA) reliably requires handling complex inheritance rules and deviations without failure.
Mapping Fatigue
Mapping IT-Grundschutz building blocks is a grind. Completeness checks often lag behind project reality.
The Standard
Designed for consultant responsibility
Pinnipedia is not a replacement, but an amplifier. It automates high-volume processing while keeping the expert in absolute control.
Traceable Logic
Every proposal and mapping is linked back to customer evidence, ensuring full audit trails and decision reasoning.
High Velocity
Reduce delivery cycles from weeks to hours with automated structural analysis and propagation.
Primary Objective
Evaluate fit for your consulting workflow. Early onboarding prioritizes structured feedback and direct pilot collaboration for Tier-1 partners.
Knowledge Graph Driven
Precision through connected intelligence
Our knowledge graph captures the full complexity of IT-Grundschutz relationships—processes, applications, infrastructure, and protection needs—all interconnected with unmatched accuracy.
100% Traceable Mapping
Every relationship between Modules, protection needs, and assets is validated by multi-agent systems ensuring zero errors in complex dependency chains.
Unmatched Speed
What takes weeks with traditional tools happens in hours. Scale your client capacity without sacrificing quality.
Instant Adaptability
Policy changes, new compliance requirements, or structural updates propagate automatically through the graph with zero manual intervention.
Full Audit Trail
Every decision, mapping, and propagation is logged with complete traceability. Human oversight at every critical step.
Core Features
End-to-End Workflow Solution
Pinnipedia structures customer evidence into a high-fidelity model, proposing traceable outputs while keeping the expert in control.
Structural Analysis
- Ingests spreadsheets and wiki exports
- Extracts assets and dependencies
- Highlights logical gaps and drift
Automated Protection Needs
- CIA seeding from processes
- Automated propagation across dependencies
- Rationale capture for deviations
Automated Mapping
- Model-based Modules suggestions
- Approval workflow for rationale
- System-wide completeness checks
Audit Packages
- Template-driven doc generation
- Traceable evidence references
- ISO 27001 audit alignment
The Blueprint
Months of work,
distilled into days.
Five distinct steps, engineered for professional review and absolute accountability.
Productive in 24 Hours
Ingest Customer Evidence
Deduplicate documents and exports into a unified structural model.
Validate Analysis
Confirm assets and roles. Delegate validation tasks with oversight.
Bridge Inconsistencies
Instantly find missing information with links to original sources.
Finalize Mappings
Approve suggested Modules with captured rationale.
Deliver Audit Package
Export submission-ready documentation for ISO certification.
Reliability First
Conservative by design: every automated output is linked to evidence and requires explicit approval.
Human Control
Expert oversight is mandatory for all meaningful changes.
Evidence-Linked
Every assertion is anchored in provided source data.
Project Artifacts
- Structural Model
- Asset Inventories
- Gap Analysis
- Protection Needs
- Modules Rationale
- Full Audit Package
Confidentiality
Security & Residency
Conservative German hosting, modern MFA, and granular auditability as standard.
Residency
Germany-based GmbH. SaaS hosted in Germany on Telekom Cloud.
Auditability
MFA and full activity trails for all structural changes.
Resilience
Encrypted transport/storage with professional redundancy.
The Team
Meet the founders & advisors
World-class expertise in cybersecurity, AI, and compliance frameworks.
Dr. Jürgen Laartz
Co-Founder
Independent consultant with 30+ years experience including 24 years at McKinsey, leading technology consulting across Scandinavia, Germany, Eastern Europe, and Middle East. Expert in IT risk management and cybersecurity.
Prof. Dr. Gerhard Wunder
Co-Founder
Professor of Cybersecurity and Artificial Intelligence at the Free University of Berlin (funded by Bundesdruckerei GmbH), DFG Heisenberg Fellow. Research focus areas include Large Language Models (LLMs), AI explainability, privacy-preserving AI, trustworthy AI, and LLM reasoning. Visiting professor at Georgia Tech and Stanford University.
Prof. Dr. Marian Margraf
Advisor
Professor of Information Security at Freie Universität Berlin, Head of Department at Fraunhofer AISEC. Former BSI cryptologist (2003-2008) and official at BMI (2008-2013). Research: post-quantum cryptography, electronic identities, information security management.
Prof. Dr. Sören Werth
Advisor
Professor of IT Security at Berlin University of Applied Sciences and Technology. Former BSI: development of end-to-end encryption systems. Federal Ministry of Interior: IT security for business and critical infrastructure. Research: cryptography and machine learning.
Questions
Frequently Asked Questions
Professional answers for consultant requirements.
No. It automates evidence processing. Consultants remain legally and professionally responsible for all final deliverables.
All outputs are schema-validated and evidence-linked. Unsupported results are explicitly flagged for manual intervention.
Yes. Task delegation allows stakeholders to provide evidence directly while the consultant maintains control.
Available for enterprise partners via Contact Sales. Includes specialized onboarding and technical support.