The fastest path to IT-Grundschutz

Security concepts executed with precision and consistency.

Pinnipedia accelerates BSI IT-Grundschutz workflows from weeks to hours for cybersecurity consultants.

Germany-based
Telekom Cloud
Human-in-control
Audit-ready

The Problem

Manual modeling is the bottleneck

Security projects stall when dependencies and mappings must be maintained across incomplete, evolving documentation.

Structural Drift

Dependencies across processes, IT systems, and stakeholders are notoriously difficult to maintain and sync.

Propagation Errors

Propagating Protection Needs (CIA) reliably requires handling complex inheritance rules and deviations without failure.

Mapping Fatigue

Mapping IT-Grundschutz building blocks is a grind. Completeness checks often lag behind project reality.

The Standard

Designed for consultant responsibility

Pinnipedia is not a replacement, but an amplifier. It automates high-volume processing while keeping the expert in absolute control.

Traceable Logic

Every proposal and mapping is linked back to customer evidence, ensuring full audit trails and decision reasoning.

High Velocity

Reduce delivery cycles from weeks to hours with automated structural analysis and propagation.

Primary Objective

Evaluate fit for your consulting workflow. Early onboarding prioritizes structured feedback and direct pilot collaboration for Tier-1 partners.

Automation is the key to scaling security expertise

Knowledge Graph Driven

Precision through connected intelligence

Our knowledge graph captures the full complexity of IT-Grundschutz relationships—processes, applications, infrastructure, and protection needs—all interconnected with unmatched accuracy.

100% Traceable Mapping

Every relationship between Modules, protection needs, and assets is validated by multi-agent systems ensuring zero errors in complex dependency chains.

Unmatched Speed

What takes weeks with traditional tools happens in hours. Scale your client capacity without sacrificing quality.

Instant Adaptability

Policy changes, new compliance requirements, or structural updates propagate automatically through the graph with zero manual intervention.

Full Audit Trail

Every decision, mapping, and propagation is logged with complete traceability. Human oversight at every critical step.

Processes
Applications
Infrastructure
Locations

Hover over nodes to explore relationships

Core Features

End-to-End Workflow Solution

Pinnipedia structures customer evidence into a high-fidelity model, proposing traceable outputs while keeping the expert in control.

Structural Analysis

  • Ingests spreadsheets and wiki exports
  • Extracts assets and dependencies
  • Highlights logical gaps and drift

Automated Protection Needs

  • CIA seeding from processes
  • Automated propagation across dependencies
  • Rationale capture for deviations

Automated Mapping

  • Model-based Modules suggestions
  • Approval workflow for rationale
  • System-wide completeness checks

Audit Packages

  • Template-driven doc generation
  • Traceable evidence references
  • ISO 27001 audit alignment

The Blueprint

Months of work,
distilled into days.

Five distinct steps, engineered for professional review and absolute accountability.

Productive in 24 Hours

Ingest Customer Evidence

Deduplicate documents and exports into a unified structural model.

Validate Analysis

Confirm assets and roles. Delegate validation tasks with oversight.

Bridge Inconsistencies

Instantly find missing information with links to original sources.

Finalize Mappings

Approve suggested Modules with captured rationale.

Deliver Audit Package

Export submission-ready documentation for ISO certification.

Reliability First

Conservative by design: every automated output is linked to evidence and requires explicit approval.

Human Control
Expert oversight is mandatory for all meaningful changes.
Evidence-Linked
Every assertion is anchored in provided source data.

Project Artifacts

  • Structural Model
  • Asset Inventories
  • Gap Analysis
  • Protection Needs
  • Modules Rationale
  • Full Audit Package

Compliance should empower, not constrain innovation

Confidentiality

Security & Residency

Conservative German hosting, modern MFA, and granular auditability as standard.

Residency

Germany-based GmbH. SaaS hosted in Germany on Telekom Cloud.

Auditability

MFA and full activity trails for all structural changes.

Resilience

Encrypted transport/storage with professional redundancy.

Questions

Frequently Asked Questions

Professional answers for consultant requirements.

No. It automates evidence processing. Consultants remain legally and professionally responsible for all final deliverables.

All outputs are schema-validated and evidence-linked. Unsupported results are explicitly flagged for manual intervention.

Yes. Task delegation allows stakeholders to provide evidence directly while the consultant maintains control.

Available for enterprise partners via Contact Sales. Includes specialized onboarding and technical support.