SIM3 assessment & audit
Measure the maturity of your SOC, CSIRT or CDC
We help SOC, CSIRT, and CDC leaders objectively assess the maturity, governance, and effectiveness of their cyber defense capabilities and drive continuous improvement.
500 customers place their trust in us - from startups to large companies
Objective maturity measurement instead of guesswork
Move beyond assumptions and gain an objective view of your SOC, CSIRT, or cyber defense center across four key maturity dimensions: organization, people, tools, and processes, based on the SIM3 (Security Incident Management Maturity Model) framework.
The result is a reliable maturity assessment that enables you to justify, prioritize, and optimize cybersecurity investments with confidence.
A prioritized roadmap instead of endless action items
We objectively assess the maturity of your cyber defense organization and translate the findings into a tailored, prioritized roadmap with quick wins, mid-term improvement initiatives, and long-term strategic development measures.
This gives you a clear understanding of where gaps exist, which actions will have the greatest impact, and where investments will deliver the highest value.
Certified auditors with extensive incident response experience
A formal SIM3 audit can only be conducted by certified SIM3 auditors. Across Germany, there are eleven certified auditors – two of them at HvS:
With experience from more than 60 supported incidents and numerous CDC coaching engagements every year, we understand what truly matters in real-world operations.
The result: a reliable foundation for executive decision-making, regulatory requirements, and NIS-2 compliance evidence.
A SIM3 assessment provides an independent evaluation of your SOC, CSIRT, or cyber defense center and identifies concrete opportunities for improvement.
Objective maturity assessment for CSIRT, CDC, and SOC as a strong foundation for improvement.
HvS provides two of the eleven certified SIM3 auditors in Germany and brings more than 20 years of incident response experience.
Management-ready documentation for executive leadership, audits, and regulatory oversight.
Identify your key improvement levers and where investments will deliver the greatest value.
From assessment to implementation with practical, actionable recommendations.
Understand how your maturity level compares to peers and aligns with executive expectations.
Both services are based on the same framework.
The difference lies in the depth and level of assurance – depending on whether you want to drive internal improvements or provide external evidence.
| Service | SIM3 Assessment | SIM3 Audit |
|---|---|---|
| Assessment against all 44 SIM3 parameters | structured | evidence-based |
| Interviews with relevant roles | | |
| Maturity profile across all four categories | | |
| Prioritized improvement roadmap | | |
| Management summary | | |
| Review of all parameters with documentation | | |
| Formal maturity assessment according to SIM3 | | |
| Conducted by certified SIM3 auditors | optional | |
In most cases, we recommend starting with an assessment and using the audit as a formal validation step if required.
This approach gives you a clear understanding of your current maturity quickly and enables you to make an informed decision on whether a formal SIM3 maturity attestation is needed.
A SIM3 assessment or audit typically takes around four weeks for the analysis phase, followed by approximately two weeks for the final report.
Talk to our certified SIM3 auditors about your current situation and potential next steps.
SIM3 (Security Incident Management Maturity Model) is an internationally recognized maturity model developed by the Open CSIRT Foundation. It evaluates incident response organizations across 44 parameters in four categories: organization, people, tools, and processes.
SIM3 is widely regarded as the de facto community standard and is used by TF-CSIRT/Trusted Introducer, ENISA, and FIRST. The current version explicitly covers SOCs, PSIRTs, CSIRTs, and cyber defense centers.
A SIM3 assessment provides a structured maturity baseline to support internal decision-making and continuous improvement. A SIM3 audit is a formal, evidence-based evaluation that validates maturity based on documented evidence and is conducted by certified SIM3 auditors.
In short:
SIM3 is designed for organizations that operate a SOC, CSIRT, or cyber defense center – particularly in critical infrastructure, financial services, industrial environments, and large mid-sized enterprises.
Typical questions our clients seek to answer include:
Processes alone reveal little about maturity.
SIM3 also evaluates organizational structures, roles and responsibilities, tooling, and how capabilities are implemented and operated in practice.
Typically, we need access to relevant documentation, role descriptions, process documentation, and interviews with key stakeholders.
There are no specific technical requirements for conducting the assessment.
Common standards and regulations such as ISO 27001, TISAX®, NIS2, and the GDPR require capabilities such as threat intelligence, incident detection, and incident response processes. However, they provide only limited guidance when it comes to assessing how mature and effective a cyber defense center is in practice.
This is where SIM3 adds value. It offers a dedicated maturity framework for evaluating the capabilities, governance, and operational effectiveness of SOCs, CSIRTs, and cyber defense centers, while providing governance, risk, and compliance teams with a structured approach to assessing and demonstrating compliance.
In an IT emergency, every second counts. Our incident response experts are on hand 24/7 to provide you with professional assistance. With a framework agreement, you receive priority treatment over new customers.
HvS offers incident response workshops for companies and private individuals: practical, well-founded, and with clear added value. Find out more now.
HvS Threat Insights provides practical recommendations on cyber threats for IT security leaders. Here you can find information about the subscription.
Successfully build & optimize your Cyber Defense Center! We work with you to develop a customized CDC strategy, improve detection & response and set clear priorities for greater security.