The BSI CyberRisikoCheck is a consulting format developed by the German Federal Office for Information Security (BSI).
It provides small and medium-sized enterprises (SMEs) with a structured entry point to assess their organisation, processes and technology against common cyber risks. As an accredited service provider, 0xda7a helps you derive concrete, practical measures to improve your cyber resilience.

What is the BSI CyberRisikoCheck?

The CyberRisikoCheck is based on a structured questionnaire with more than 100 guiding questions.
Instead of a complex audit, a certified consultant conducts an interview with executives, IT management and key stakeholders.
Together, we assess your maturity level across seven domains:

  1. Governance & Organisation - Responsibilities, roles and management oversight
  2. Asset & Risk Management - Identifying and prioritising critical processes, systems and suppliers
  3. Protective Measures - Technical and organisational controls, secure configurations and access management
  4. Detection & Monitoring - Logging, anomaly detection and indicators for security incidents
  5. Response & Recovery - Incident response, crisis communication, backup and restoration strategies
  6. Awareness & Training - Employee awareness, security culture and training programmes
  7. Continuous Improvement - KPIs, lessons learned and alignment with ISO/IEC 27001, IT-Grundschutz and NIS2

The result is a BSI-compliant maturity report that clearly highlights strengths, risks and prioritised actions.

Why you should conduct a CyberRisikoCheck

  • Fast clarity without administrative overhead - One interview provides you with an objective security baseline aligned with BSI standards.
  • Actionable recommendations instead of abstract advice - You learn which steps make the biggest impact.
  • Professional report for management, auditors, insurers or funding programmes - including strengths, weaknesses and priorities.
  • Momentum for real improvements - The Check often serves as the starting point for sustainable cyber resilience.

How the collaboration works

  1. Appointment
     Activities: Select a two-hour slot where management and - if needed - IT leadership can participate. No separate kick-off is required.
     Result: Confirmed appointment and clear process information
  2. Guided interview
     Activities: We conduct the full interview based on the official BSI question set, collect context and evaluate your responses.
     Result: Maturity level per domain
  3. Report & follow-up
     Activities: You receive the PDF report with prioritised recommendations. Upon request, we review the results together.
     Result: Actionable improvement plan

Pricing

Many providers turn the CyberRisikoCheck into an expensive “premium experience” - even though, at its core, it is a structured interview.
We prefer transparency and straightforward pricing:

€250 for a two-hour remote interview - fair, reliable and without surprises.

Your results

  • Maturity assessment across all 7 BSI domains
  • Prioritised action plan (quick wins & strategic measures)
  • Management-ready PDF report delivered directly after the interview

FAQ

How long does the CyberRisikoCheck take?

The standard format is a two-hour remote interview. If your organisation has more complex structures or additional topics arise, follow-up sessions can be arranged.

What documents should we prepare?

Useful, but not required: organisation charts, network diagrams, incident or crisis processes, supplier lists or process overviews. More context leads to more precise assessments - but you can participate without any documents at all.

Who is allowed to perform the CyberRisikoCheck?

Only service providers specifically qualified and listed by the BSI are permitted to perform the Check. 0xda7a meets these requirements and conducts the Check according to the official standard.

Is this an audit or a certification?

No. The CyberRisikoCheck is a structured interview-based assessment. It provides a maturity rating and actionable recommendations - but it is not a formal certification. However, it can significantly support preparations for ISO/IEC 27001, IT-Grundschutz or internal audits.

Does the CyberRisikoCheck help with NIS2 compliance?

Yes. Many organisational requirements of NIS2 (e.g. risk management, governance, awareness) align with the Check. The resulting recommendations can directly support your NIS2 implementation.

Do you support the implementation of the recommendations?

Absolutely. Whether you need technical measures, policies, awareness training, backup concepts or risk management - we support you if desired.
Want to benchmark your cyber resilience against BSI best practices?
Contact us!