Rethinking Compliance – Modular, Collaborative, Scalable
Interview with Sascha Kreutziger, Head of Business Development at HiScout GmbH
When it comes to information security, data protection, and business continuity management, clarity, structure, and reliability are essential. This is what HiScout GmbH in Berlin stands for – with Sascha Kreutziger, Head of Business Development, as a driving force. The software company specializes in implementing complex compliance requirements with its modular GRC platform. Whether ISO 27001, IT-Grundschutz or GDPR: HiScout offers tailor-made solutions that flexibly adapt to individual needs. Thanks to user-friendly operability, intelligent automation, and consistent standard orientation, the platform becomes a real added value in the digital age.
Wirtschaftsforum: Mr. Kreutziger, cybersecurity, data protection, compliance: many companies find these topics dry or overwhelming. How does HiScout make a difference here?
Sascha Kreutziger: Our strength lies in translating complex requirements concerning information security, emergency management, and data protection into practical, digital solutions. Many organizations are still using Excel spreadsheets or paper folders – we replace such isolated solutions with an integrated GRC platform that provides clarity, makes processes efficient, and is flexible enough to adapt to individual requirements. This not only provides our customers with security but also real added value.
Wirtschaftsforum: Which topics are currently of particular focus?
Sascha Kreutziger: Legal requirements such as the EU Regulation NIS-2, the IT Security Act, or the GDPR force companies to take action. Information security and emergency management are no longer just 'nice to have', but a legal obligation. Many are not aware of how large the risks have become: keywords economic espionage or cyber attacks. Especially companies with critical infrastructure or technological lead need to secure themselves. We help them create structures to be prepared.
Wirtschaftsforum: How do you manage that with a rather small team?
Sascha Kreutziger: We rely heavily on our partner network. While HiScout itself employs around 50 people, over 500 specialists work with our solution at partner companies. This includes large consulting firms like KPMG, PwC, or CGI, as well as specialized medium-sized businesses. We offer training, certifications, and support - this is how we ensure quality and scalability. This close collaboration is a central part of our business model.
Wirtschaftsforum: How long have you been with HiScout, and what motivates you in your work?
Sascha Kreutziger: I have been here since 2013, after previously working at Microsoft in the ERP sector. I was attracted to the responsibility of working at an independent software provider. At HiScout, I have gone through many areas; today I lead the Business Development. What particularly motivates me is making organizations resilient to digital threats, such as in the current project to secure all 112 control centers in Germany. There, the societal value of our work becomes particularly tangible.
Wirtschaftsforum: How do you specifically support companies in implementing Business Continuity Management?
Sascha Kreutziger: A good example is our HiScout BCM module for Business Continuity Management. It is based on the BSI Standard 200-4 and ISO 22301.
With this, companies analyze their critical processes, resources, locations and service providers and develop emergency plans and recovery strategies based on this. This represents a real advancement especially for medium-sized enterprises. Many are building a structured emergency management system for the first time ever with our solution. Our GRC Suite is modularly structured: BCM, information security according to ISO 27001, and data protection according to ISO 27701 work seamlessly together. This way, solutions can be efficiently combined and flexibly expanded. Due to the sensitive data situation, currently about 90% of our customers opt for on-premise solutions. However, future AI applications will require cloud infrastructures. Therefore, we are developing initial cloud and AI features with pilot customers - with the utmost care, as security remains our standard.
Wirtschaftsforum: What makes HiScout successful, and what are the next steps?
Sascha Kreutziger: We listen, deliver solutions, and keep promises. Many of our large clients, such as ITZBund or Deutsche Rentenversicherung, have been with us for years. Also important is our clear role distribution: HiScout GmbH develops the software, while HiSolutions AG provides independent consulting. This builds trust: No one feels pressured, but remains free in their choice of partners. For the coming years, we have a clear goal: We want to increase our revenue to over 10 million EUR. This can only be achieved with a strong partner network. Therefore, we are specifically expanding our partner sales and investing in training, support, and joint market strategies. This creates a powerful sales structure that makes our solutions more widely available and supports our growth. An example of our approach is the HiScout BCM module. It enables companies to analyze critical processes based on BSI 200-4 and ISO 22301 and to develop emergency plans. Especially medium-sized companies often create structured emergency management for the first time with this. Our GRC Suite is modular: BCM, information security according to ISO 27001, and data protection according to ISO 27701 work seamlessly together - for more security, efficiency, and future viability.