

Clearly regulate security in the company
Expert knowledge without staff retention
An external IPM creates transparency about cyber risks and identifies the actual dangers as well as the relevant fields of action. Risks are reduced in a targeted manner because vulnerabilities and organizational gaps are identified at an early stage – before they lead to failures, damage or loss of reputation.
Minimize management liability
The IPM documents all measures in full and justifies decisions in a comprehensible manner. For managing directors, this means a significant reduction in personal liability risk in the event of security incidents or regulatory audits.
Bundling and managing responsibility
He represents the company’s interests vis-à-vis IT service providers and ensures that security decisions are based on risk analysis and business requirements, not on product promises. Technical details are translated into understandable economic effects. Information security thus becomes measurable, controllable and a fixed management task.

Scope of services
We establish and operate your information security management system – tailored to your company size, industry and risk situation. Whether in accordance with ISO 27001 or pragmatically without certification, we adapt the ISMS flexibly to your requirements.
Our focus is on the targeted identification and minimization of your most important security risks. This includes clear guidelines, defined responsibilities as well as regular phishing tests and practical training to permanently strengthen security awareness.
We integrate information security into new IT projects right from the start to avoid expensive rework and security gaps.
In the event of an emergency, we coordinate the measures and prepare all relevant information for management and external partners in a comprehensible manner.
You receive a fixed contact person who manages your IT security issues responsibly, consistently reduces risks and prepares complex technical content clearly for the management. The collaboration is based on monthly invoicing and is designed for a term of one to three years – for long-term security and planning security.
Advantages at a glance:
Reduce liability risk
Clear documentation and structured control protect the management from personal liability.
Central control
A dedicated contact person bundles and takes responsibility for all IT security matters. Not just consulting, but with a mandate. Cheaper than a permanent employee.
Tried and tested expertise
Experience from over 400 IT security projects and various industries ensures realistic, effective solutions.
Economic security
We focus on appropriate protection instead of unrealistic full protection – with monthly billing and a flexible term of one to three years.
Our approach in six steps
Your contact persons
Security is a matter of trust. With us, you don't talk to a ticket system - you talk directly to experienced experts.

S. Philipp Kalweit is Director Strategy & Consulting with a focus on security awareness and offensive IT auditing. He has been advising SMEs and corporations for nine years, particularly in highly regulated industries. In 2019, he was honored by DIE ZEIT as “Hamburger of the Month” and included in the Forbes 30 under 30 DACH list.
S. Philipp Kalweit
Managing Partner

Dipl.-Wirtsch.-Ing. Günther Paprocki has been Managing Partner of KALWEIT ITS since May 2024. As Director HR & Operations, he is responsible for operations and personnel. With experience at Sharp, Philips and Cisco, he brings a breath of fresh air to consulting. His focus: strengthening cybersecurity in Germany.
Günther Paprocki
Managing Partner