Why we...
For over 30 years, we have been advising organizations in regulated environments – in healthcare, energy, and the public sector. Not as generalists, but with deep industry knowledge, regulatory expertise, and a clear goal: digital transformation that truly delivers results.
Digital transformation needs depth – not breadth.
There are many IT management consultancies. What sets us apart? We know the industries we work in from the inside. We understand how procurement procedures according to the German Procurement Ordinance (VgV) and the German Act Against Restraints of Competition (GWB) really work. We know the requirements of the German Federal Office for Information Security (BSI) IT Baseline Protection not just from textbooks, but from practical experience. We haven't just designed ISMS projects, but have guided them through to certification. This means for our clients: no learning curve at their expense.
No translating consultant jargon into industry reality. But rather, direct connectivity to the day the collaboration begins.
" Meet the change with enthusiasm and pragmatism
is our lived passion "
Norbert Adonis Kutscher
Three strengths our customers rely on
🔒 Regulatory depth
BSI IT Baseline Protection, NIS-2, KRITIS-VO, ISO 27001 – we know the standards and translate them into manageable measures that can withstand scrutiny.
🏛️ Awarding experience on both sides
We have formulated, evaluated and won tenders according to VgV and GWB – both as bidders and as advisors to public clients.
⚙️ Implementation skills
From the target vision to acceptance: We support transformation projects end-to-end – with classic and agile project management, interim and consulting services.
Our story
30 years of experience – our journey at a glance
What began in 1994 as a consulting firm for IT systems and implementation expertise is today a specialized partner for digital transformation in regulated industries. Every phase has shaped us – technologically, methodologically, and in our understanding of what good consulting must deliver.
1994 – 2009 Founding & Focus
INTAC was founded as an IT management consultancy specializing in process optimization and IT strategy. Early projects in the healthcare sector laid the foundation for industry specialization. Methodological expertise in IT service management and enterprise architecture was developed.
2010 – 2015 IT Security & Compliance
Building a dedicated cybersecurity portfolio in response to growing regulatory requirements for IT security. Professionalizing the ISMS offering based on BSI IT Baseline Protection (catalogs) and ISO 27001 – in the energy sector. With the IT Security Act 1.0 (2015), the first binding KRITIS obligations were introduced: INTAC systematically supports energy suppliers and hospitals in their implementation.
2016 – 2019 Critical Infrastructure Implementation, Public Sector & Procurement
IT Security Act (IT-SiG) reporting obligations take effect: INTAC undertakes critical infrastructure (KRITIS) implementation projects in the energy and healthcare sectors. In parallel: systematic development of the public sector as a third core market. Building expertise in procurement procedures according to the German Procurement Ordinance (VgV), the German Act Against Restraints of Competition (GWB), and the German Procurement Ordinance for Sub-Threshold Contracts (UVgO) – on both the contracting authority and bidder sides. The new BSI IT Baseline Protection Compendium (2018) becomes the methodological basis for all Information Security Management System (ISMS) projects. Expansion of the reference base in state administrations and municipal IT service providers.
2020 – 2023 DevSecOps, NIS-1 Compliance & AI System Integration
Expansion of the cybersecurity portfolio to include DevSecOps and Secure-SDLC (Software Development Life Cycle) – in response to increasing attacks on software supply chains. Support for NIS-1 compliance projects and preparation for NIS-2 (guideline adopted December 2022). Development of a practical AI systems integration offering with a focus on RPA and initial ML-based process automation for regulated industries.
2024 – today: Cybersecurity, trustworthy AI & digital transformation
INTAC is today an established partner for IT security consulting, DevSecOps, and trusted AI implementations in healthcare, energy, and public administration. NIS2 implementation (NIS2UmsuCG), EU AI Act, and ISO 42001 are key aspects of its current portfolio. Complex projects are managed in consortium structures as general contractors, with full responsibility for overall performance and quality.
What we do for our customers
Over three decades, we have built a portfolio that combines regulatory depth with pragmatic implementation expertise.
IT Strategy & Transformation
Target vision, gap analysis, roadmap – from analysis to implementation support.
Cybersecurity & ISMS
BSI IT Baseline Protection, ISO 27001, NIS-2 – Establishment, operation and certification of ISMS.
DevSecOps &
Secure-SDLC
Secure software development, CI/CD integration, SAST/DAST, threat modeling.
Critical Infrastructure & Regulatory
NIS-2 implementation, KRITIS-VO, IEC 62443 – industry-specific for energy and health.
AI Enabling & Governance
EU AI Act, ISO 42001, AI strategy and use case prioritization for regulated environments.
Project management
& Interim
Classic, agile, hybrid ��– CIO/CISO interim and general contracting in consortia.
AI in consulting practice
Artificial intelligence – industry-specific and regulatory-compliant. We deploy AI where it demonstrably creates added value – and help our clients consider regulatory guidelines (EU AI Act, ISO 42001) from the outset. Not a playground, but productively deployable solutions in regulated environments.
healthcare
Clinical documentation
AI-supported summarization of medical letters and findings – GDPR-compliant, integrated into HIS workflows.
Public administration
Automated process handling
NLP-based classification and forwarding of citizen inquiries – compliant with OZG and BSI IT baseline protection.
Energy & Critical Infrastructure
Anomaly detection in the OT network
Machine learning models for the early detection of cyberattacks on industrial control systems.
Comprehensive
AI Governance & Risk Management
Development of AI guidelines, risk assessment according to EU AI Act risk classes, training for managers and teams.
Do you want to understand how INTAC can support your specific project? We discuss scope, experience, and fit openly – without a sales pitch.