Public Administration & Ministries – IT Consulting with Procurement Experience (both sides)
Excerpt of services
Public authorities, state administrations, and municipal IT service providers operate under conditions rarely encountered by private sector organizations: procurement law, political control, budgetary constraints, and increasing regulatory pressure from NIS-2 and BSI requirements. We are familiar with this environment – as consultants, project managers, and general contractors in EU-wide procurement procedures.
IT security consulting
& ISMS
Establishment and operation of ISMS according to BSI IT baseline protection and ISO 27001 – including determination of protection requirements, risk analysis and action plan for authorities and state administrations.
DevSecOps
& Secure-SDLC
Integration of security into the entire software development process: CI/CD security, SAST/DAST, threat modeling and secure code reviews according to BSI recommendations.
NIS-2 & BSI-Compliance
Gap analysis, action planning and implementation support for public authorities and IT service providers – with a focus on demonstrable results for regulatory authorities.
Procurement consulting & tendering
IT strategy for public administrations
Interim CIO /
CISO & PMO
Support for public sector clients in IT procurement according to VgV, UVgO and GWB – from the service description to the evaluation matrix.
Target vision, principles and roadmap – taking into account OZG requirements, political objectives and budgetary realities.
Taking on temporary leadership roles in government agencies and public IT organizations – with experience in political coordination processes and supplier management.
Reference excerpt
Public sector mandates are subject to a particular dynamic of confidentiality: the security architectures of state administrations and ministries are considered security-critical information under the German Federal Office for Information Security Act (BSIG). In many cases, a public reference would violate confidentiality agreements with the clients – and would be the exact opposite of what we have jointly developed. The following project summaries are completely anonymized. We provide named references with contact persons confidentially upon request within the framework of procurement procedures.
Ministry
State Ministry ·
State · NDA
ISMS Development & BSI IT Baseline Protection Certification: Project management and overall technical responsibility for the development of an ISMS according to BSI IT Baseline Protection for a state ministry with subordinate authorities – implemented in a consortium with a specialized BSI audit partner. This included determining protection requirements for over 120 IT processes, risk analysis, a policy framework, and coordinated implementation across three authorities. Management of all consortium partners and standardized reporting to the client were also key aspects. The project duration was 30 months and concluded with a positive BSI certification.
State administration
State administration ·
Multiple departments · NDA
IT Strategy & Digitalization Roadmap: Lead consulting responsibility for the development of a cross-departmental IT strategy for a state administration with over 15,000 users. Implementation in an extended project consortium with expert consultants from the fields of law, organization, and infrastructure – overall management by INTAC. Current state analysis, target vision, prioritized measures, and governance model. Consulting at the CIO level, direct coordination with the State Chancellery and Ministry of Finance. Implementation support over 24 months.
Federal authority
Federal Agency · NDA
NIS-2 Readiness & Compliance Assessment: Overall project responsibility for gap analysis and NIS-2 implementation at a federal agency with critical infrastructure-related tasks – realized jointly with a certified legal expert and a BSI-accredited auditing service provider as consortium partners. INTAC coordinated all workstreams, prepared the complete documentation for the supervisory authority, and managed communication with BSI contacts. Completion without any issues.
We are familiar with public sector clients – both as consultants and as bidders. Contact us.
– discreet, direct, without detours.