OrbisGraph turns every client's documentation into an audit-ready knowledge graph. Less legwork, more parallel engagements, consistent quality across the whole portfolio.
02 / The reality
Three bottlenecks show up in every IT-Grundschutz consultancy running more than a handful of engagements at once.
01 · Structural analysis
Assets, applications, business processes, sites, roles. Every client delivers the information in its own format, often incomplete. Your senior consultants spend weeks turning Visio diagrams, CMDB exports and emails into a coherent structural analysis before the real advisory work can start.
02 · Template recycling
The market rewards throughput, so teams fall back on last year's text and swap the names. It works until an auditor spots the inconsistency between what you wrote and what the client actually runs. A security concept that doesn't reflect the real IT landscape is an audit smokescreen, not a security posture.
03 · The demand curve
With roughly 4,500 to 29,500 organisations now in scope, engagements arrive faster than the market can train senior advisors. Either your practice finds a lever that isn't tied to headcount, or you turn work away.
03 / The platform
The legwork happens once, at upload. After that, your senior consultants work with the knowledge graph rather than with Word documents and spreadsheets.
The consultant dashboard
Each engagement lives in its own workspace inside OrbisGraph. Baustein maturity, control status and evidence coverage stay live. Umsetzungstexte are generated from the knowledge graph, not recycled from templates, and every sentence cites its source.
| Client | Bausteine | Erfüllt | Open deltas | Audit window |
|---|---|---|---|---|
| Stadtwerke Nord | 68 | 92% | 14 | Q2 / 26 |
| B3S Finanzdienste | 94 | 86% | 41 | Q2 / 26 |
| LKH Westfalen | 52 | 64% | 88 | Q3 / 26 |
| Landesbetrieb IT | 71 | 79% | 32 | Q4 / 26 |
01 · Client intake
Organisational descriptions, Visio network diagrams, CMDB exports, asset inventories, role matrices. Whatever the client already has. OrbisGraph ingests the lot, isolates each file per-client, and starts parsing while your consultants scope the kickoff.
Measured on the same engagement
04 / Your practice
Each client gets its own working area inside OrbisGraph. Data stays cleanly separated, your methodology stays consistent across engagements. You bring the advisory posture; OrbisGraph provides the structure your senior consultants would otherwise rebuild by hand on every new engagement.
Your methodology
OrbisGraph adapts to how your practice works, not the other way around. Rule sets calibrate to your own risk methodology, and reports come out in your format, with your logic, not a generic template. The whole portfolio lives in one surface, so moving between engagements is a tab, not a reload.
05 / Frameworks
OrbisGraph runs on BSI IT-Grundschutz today and is prepared for Grundschutz++. ISO 27001 is next; the knowledge graph keeps absorbing new standards as they ship.
BSI IT-Grundschutz on the current Kompendium. Baustein modelling, requirement mapping, Umsetzungstext generation, Grundschutz-Check export.
Architecture note.Architecture is JSON/OSCAL-native. The move to Grundschutz++ is a serialisation exercise, not a rebuild.
ISO 27001 and 27002 on the same graph structure. Controls, Statement of Applicability, evidence mapping. For clients whose primary path is ISO, from the same platform.
06 / Future-proof
Grundschutz++ replaces document-centric compliance with machine-readable, structured data. Tools built on today's paradigm will need to be replaced when the transition arrives. OrbisGraph is built for the next generation. Engagements you run in OrbisGraph today convert without a rebuild.
Full Grundschutz++ briefing07 / Credibility
Sovereign German hosting. Your clients' data stays in Germany, on Deutsche Telekom Cloud.
Platform detailsExtraction quality is independently validated by cybersecurity researchers at Freie Universität Berlin.
Platform detailsFounded by cryptography, AI, and cybersecurity researchers. German GmbH, headquartered in Berlin.
Meet the team08 / From the field
“This is the first time I see somebody turning this honestly big piece of gold that's just so overwhelming that nobody can practically use it into something that actually does make sense.”MD · Cybersecurity ConsultancyFortune-500 Clients
“A major unlock, freeing up capacity for the things people actually enjoy and where they're adding real value, versus just feeding some compliance machine.”MD · Cybersecurity ConsultancyDACH Enterprise Clients
“Using the graph for establishing the ground truth, getting out of the tacit knowledge trap, and then scaling it. Once you have this, you can really increase speed. And you keep it consistent.”Strategic Cooperation · Defence IT Provider7,000+ Employees
“If you're able to do that at that quality level, the extractions, and being able to say this is not just what you have but the preparation of what's missing, that has massive value.”CEO · DACH Cybersecurity Consultancy100+ Employees
Schedule a call to explore how OrbisGraph fits into your engagement model. We show the product on a sample dossier and answer the integration questions your senior consultants will want to ask.