EUDI Wallet & Digital Identity Security

Linaltec sits at the intersection of European digital identity regulation and practical application security. Drawing on hands-on product management experience with mobile application security (Cryptomathic MASC), active standards contributions (CEN TS 18297, ISO 27560), and deep understanding of the eIDAS 2.0 architecture, we help organisations build secure, standards-compliant digital identity solutions.

Who this is for

Wallet providers, national identity agencies, fintech companies, and organisations implementing eIDAS 2.0.

What we offer

  • EUDI wallet security assessment and vulnerability analysis — Identify and address security gaps in your wallet implementation before they become incidents.
  • Mobile application protection strategy — Practical guidance on protecting wallet apps from reverse engineering, emulator attacks, and runtime manipulation.
  • Privacy-by-design consulting — Embed privacy protections into your digital wallet architecture from the ground up.
  • Standards alignment advisory — Ensure your implementation meets CEN TS 18297, meets ISO/CEN wallet certification requirements, and complies with eIDAS 2.0.
  • Consent management implementation — Design and implement consent flows aligned with ISO/IEC 27560.
  • Access control framework design — Define secure interactions between wallets and relying parties.

Why Linaltec

  • Published 4-part blog series on EUDI wallet vulnerabilities (Cryptomathic)
  • EIC 2025 keynote presentation on wallet access control
  • Involvement in Belgium’s EUDI wallet project via Cryptomathic MASC
  • Co-editor of prCEN TS 18297 (access request security controls)
  • Best research paper at ENISA Annual Privacy Forum 2024

ISO 27001 & 22301 Certification

We help organisations achieve and maintain certification in information security management (ISO 27001) and business continuity management (ISO 22301), while ensuring robust data protection compliance. Our approach combines certified auditor rigour with hands-on GDPR expertise — we know what auditors and regulators look for because we are auditors and certified privacy professionals (IAPP CIPM).

Who this is for

SMEs and mid-size organisations preparing for certification, particularly in the Nordic region and the broader EU market.

What we offer

  • Gap analysis and readiness assessment — Understand exactly where you stand relative to ISO 27001 and ISO 22301 requirements.
  • ISMS design and documentation — Build a management system that works for your organisation, not just for the auditor.
  • Internal audit preparation and mock audits — Rehearse the audit process so there are no surprises on certification day.
  • Risk assessment methodology and treatment plans — Establish a structured approach to identifying, assessing, and treating information security risks.
  • Business continuity planning and testing — Develop and validate continuity plans that ensure your organisation can recover from disruptions.
  • GDPR compliance assessment and implementation — Evaluate your current data protection posture against GDPR requirements, identify gaps, and build a practical compliance roadmap. Covers lawful basis, data subject rights, records of processing, and cross-border transfer mechanisms.
  • Data Protection Impact Assessment (DPIA) — Conduct thorough DPIAs for high-risk processing activities as required under GDPR Article 35. We help you identify privacy risks, evaluate necessity and proportionality, and define mitigation measures — whether for new systems, AI deployments, or large-scale data processing.
  • Privacy management integrated with ISMS — Align your data protection programme with your information security management system so that privacy and security work together, not in silos. Leverage ISO/IEC 27701 principles alongside ISO 27001 controls.

Why Linaltec

  • Certified ISO/IEC 27001 Lead Auditor
  • IAPP Certified Information Privacy Manager (CIPM)
  • Lead editor of ISO/IEC 27560 (consent records) — the global standard for structured consent management
  • Best research paper at ENISA Annual Privacy Forum 2024 on implementing ISO 27560 for GDPR and DGA
  • Hands-on experience performing privacy assessments and GDPR audits for Nordic organisations
  • Deep understanding of how GDPR, ISO 27001, and ISO 27701 intersect in practice

Virtual Security Officer (vCISO) & ISMS Management

Not every organisation needs a full-time CISO, but every organisation needs security leadership. As your virtual (fractional) Chief Information Security Officer, Linaltec provides ongoing security governance — helping you run and continuously improve your ISMS through the Plan-Do-Check-Act cycle.

Who this is for

Organisations with 50–500 employees that have achieved or are pursuing certification and need ongoing security governance without the cost of a full-time executive hire.

What we offer

  • Ongoing ISMS Plan-Do-Check-Act management — Keep your management system alive and improving, not just a set of documents on a shelf.
  • Security policy development and maintenance — Create, review, and update security policies as your organisation and the threat landscape evolve.
  • GDPR compliance oversight and DPIA coordination — Ensure ongoing data protection compliance as your organisation evolves, including coordinating DPIAs for new processing activities and maintaining records of processing.
  • Management review facilitation and reporting — Prepare and lead management reviews, translating security metrics into business language.
  • Incident response coordination — Establish and manage incident response processes so your team knows what to do when something goes wrong.
  • Security awareness training — Develop and deliver training programmes that build a security-conscious culture across your organisation.
  • Supplier and third-party risk management — Assess and monitor the security posture of your vendors and partners.

Ready to get started?

Every engagement begins with a conversation. Get in touch to discuss your specific needs and how Linaltec can help.