KRITIS & BSI Expert · ISO 27001 Consultant · Crisis Management

Information Security with Strategy & Intellect

Andreas Rühl Consulting. Over 20 years of experience in high-security environments (Nuclear, Finance, Public Sector). BSI IT-Grundschutz, ISO 27001, and pragmatic crisis management.

BSI IT-Grundschutz · ISO/IEC 27001 · TISAX Consulting · Critical Infrastructure (KRITIS) · BAFIN / MaRisk · VdS 3473 Co-Author

Track Record & Projects

Selected mandates (2018–2025). Focus: Critical Infrastructure, regulated industries, and crisis management.

KRITIS & Public Sector

Nuclear Energy (2018)

ISMS Setup via BSI IT-Grundschutz

Supporting the implementation of an ISMS in a high-security environment.

Public Utilities / Stadtwerke (2023)

Cyber Security Incident Response

Operational management of a cyber attack, forensics, and recovery.

Municipal Administration (2022)

ISMS & BSI Grundschutz

Implementation of a municipal ISMS and closing security gaps after incidents.

Finance & Insurance

Insurance (2020-2021)

Security Operations Center (SOC)

Consulting and project management for building an internal SOC.

Insurance (2020)

BAFIN & Cyber Attack

Incident management and alignment with BAFIN security standards.

Insurance (2023)

Critical Infrastructure & ISO 27001

Revision of internal guidelines in the context of Critical Infrastructures.

Industry & Automotive

Software Development (2023-2025)

ISO 27001 & BSI Strategy

Extensive consulting (400 person-days) on integrating security standards.

Pharma (2018-2022)

ISMS according to ISO 27001

Long-term support in building and operating the ISMS.

Automotive (2018-2019)

TISAX Consulting

Preparation for TISAX assessments and optimization of IT security.

Andreas Rühl Consulting

Experience over Experiments.

Those ensuring security in nuclear energy, banking, or the medical sector cannot afford mistakes. For over 20 years, I have stood for IT security that is resilient, not just compliant on paper.


My Expertise:

  • Standards: BSI IT-Grundschutz, ISO/IEC 27001, Critical Infrastructure (KRITIS).
  • VdS 3473: Co-author of the guideline. Former Auditor.
  • Crisis Management: Incident Response during active attacks.
  • Roles: Interim CISO, external CISO, Project Manager.

"As a father of 10 children, I know what it means to keep an overview when things get chaotic. I bring this resilience and calm to every one of my client projects."

When do I need a BSI IT-Grundschutz Consultant?

BSI IT-Grundschutz is often mandatory for German authorities and KRITIS operators. Companies aiming for a "Gold Standard" in security also benefit from the BSI 200-x standards.

Do you support during active Cyber Attacks?

Yes. I have extensive experience in Incident Response, Forensics, and Business Recovery – even under extreme pressure.

What is the difference between ISO 27001 and VdS 3473?

ISO 27001 is the international standard. VdS 3473 (which I co-authored) is specifically tailored for SMEs to achieve a solid protection level with reasonable effort.

Get in touch

Whether it's a BSI project, ISO preparation, or an interim mandate.


A-R-C Andreas Rühl Consulting
Belziger Str. 69-71, 10823 Berlin, Germany