Compaas supports mid-market companies with information security, cybersecurity, and IT compliance – pragmatic, cost-effective, and with a dedicated point of contact.
Laws, standards, and customer requirements are becoming more demanding – qualified specialists in information security and compliance are hard to find and retain.
Compaas takes on these topics as an external partner: structured, transparent, and without you first having to build a dedicated specialist department. You retain oversight; we deliver the specialist implementation – from analysis through implementation to audit support.
Whether your first ISO 27001 certification, ongoing GDPR maintenance, preparation for a customer audit, or compliance with new regulation such as CRA and the EU AI Act: Compaas shows clearly where action is needed, prioritises measures by risk and effort, and implements solutions that work in practice and are documented in an audit-ready manner.
The result: your organisation reliably meets requirements, your teams are not burdened with unnecessary bureaucracy – and you can focus on your core business.
"Compaas aims to relieve organisations so they can focus on their core business – with measures that actually work in day-to-day operations."
Founded by Christian Lorenz – technical and compliance expertise from a single source.
Christian Lorenz
Founder & primary contact
Compaas builds on many years of experience in software development and compliance consulting. Christian Lorenz started in the late 1990s with his first own web applications – that is where programming began. Since then, demanding, complex web applications have always been the focus. He has been self-employed since 2010, initially in software development and soon thereafter in the compliance topics that Compaas covers today.
Learn more about Compaas →Three pillars – one point of contact at Compaas.
Compaas supports mid-market companies from the initial assessment through to successful certification or customer audit preparation – with deep standards expertise, clear prioritisation, and a focus on measures that work in practice.
Learn more →
Compaas takes on legally or contractually required officer roles as an external partner – reliably, cost-effectively, and with the necessary specialist expertise.
Learn more →
From the training platform to phishing simulations and penetration testing – Compaas complements organisational compliance with technical security.
Learn more →From ISO 27001 to the EU AI Act – Compaas assesses, prioritises, and implements.
Mid-market companies face pressure from laws, industry standards, and customer requirements at the same time – often without clear prioritisation and with limited internal capacity. Compaas knows the relevant frameworks from practice: explained clearly, prioritised by risk, and implemented so measures remain sustainable in operations and audit-ready in documentation.
The international standard for information security management systems (ISMS). Compaas supports gap analyses, risk assessments, action planning, internal audits, and preparation for certification audits.
The General Data Protection Regulation requires demonstrable technical and organisational measures. Compaas assists with records of processing, data protection impact assessments, contract management, and integration into your business processes.
Whistleblower protection legislation requires many companies to establish reporting channels. Compaas advises on system selection, process design, and the appointment of a whistleblower protection officer.
The CRA introduces new requirements for manufacturers and providers of digital products with network connectivity. Compaas analyses affected product lines and supports implementation of conformity requirements.
Companies in defence supply chains face special security requirements. Compaas supports VS-NfD concepts, ITAR compliance, and preparation for official inspections.
The EU AI Act classifies AI systems by risk category and defines corresponding obligations. Compaas helps inventory AI applications and derive necessary governance measures.
Cybersecurity Maturity Model Certification is relevant for US defence contractors and their suppliers. Compaas supports determining the required maturity level and step-by-step implementation.
This standard addresses industrial automation and control systems (IACS). Compaas supports manufacturers and operators in securing OT/ICS environments per ISO 62443.
Get in touch with Compaas – personal, no obligation, and tailored to your situation.
Contact us now