Configuration without a rationale
There are policies — but not the ‘why’. In a review the auditor is left asking: who set this, when and to what end?
Where do you stand? The audit is coming —
The situation
GDPR data request, ISO certification, BAIT review, cyber insurance: what is not documented does not count.
The audit is coming —
and your documentation?
We bring your Microsoft cloud to a documented state that withstands a review — BSI-aligned, repeatably verifiable.
Familiar — and stressful.
Missing evidence
Logs are somewhere, documentation sits in old Word files, responsibilities are unclear. When it matters, the trail is missing.
Duplicate work for every audit
Every review starts with the same drama: taking screenshots, exporting lists, rebuilding something. Instead of being cleanly documented once.
Create the Standard —
document once, verify often.
We build the configuration you need and document it so that it is repeatably verifiable.
HAFN Standard Workplace
Tenant configured to BSI recommendations, every policy with a rationale, Conditional Access documented, sensitivity labels and DLP ready to use. Configuration documentation as an audit-ready document.
HAFN Betrieb Workplace
We keep your environment up to date — drift detection, monthly reports, regular permission reviews. So that the next audit needs no special effort.
Why HAFN
for compliance?
BSI-aligned
Our standard follows the recognised security recommendations of the German Federal Office for Information Security (BSI).
Audit-ready documentation
Every configuration decision with a rationale — you show the auditor the document, we show the configuration path.
Proven
We have taken the HAFN Standard through audits in the housing sector, the public sector and mid-sized industry.
Hamburg, reachable
Real phone numbers, real contacts — Mon–Fri 09:00–17:00.
Let's talk about your next review.
First conversation without obligation. We listen and tell you honestly what lies between the status quo and an audit-ready state.