  • Twenty-five officer roles, all live today
  • Art. 33 GDPR, 72 hours to report a breach
  • 93 controls under ISO/IEC 27001:2022
  • 37 ready-to-run audit templates in the workspace
  • § 130 OWiG, supervisory duty of the management board
  • Officer appointment letter, signed, filed, evidenced
  • One workspace for tasks, trainings, audits, documentation
  • DIN 14095 fire protection plans, standardised
  • EU AI Act, the first horizontal AI regulation worldwide
Twenty-five officer roles. Your team or ours.

We run compliance.
You run the business.

License the workspace for your own compliance officers, or appoint ours. Either way, the evidence sits ready when the auditor calls.

No credit card. Demo workspace opens in seconds.

CIVAC

One platform.
Twenty-five mandates.
Internal or external.
Always audit-ready.

Officers · Platform
See both ways to land on CIVAC
Twenty-five officer roles. All live today.
ISO/IEC 27001 aligned
GDPR-native, EU hosting
25 officer roles
Appointment-ready in writing
Third-party pen-tested annually
Workflows aligned with DIN, DGUV and ISO
Officers and platform, one address

We supply the doctor. We supply the safety lead. We supply the platform.

Most providers sell you software and leave the appointment to you. Most consultancies appoint an officer and hand you a PDF. CIVAC does both, from the same address, with the same evidence trail.

We supply the officers

Appointed in writing. Named on your letterhead.

§ 3 ASiG
Occupational Physician
On-site checkups, workplace assessments, return-to-work cases.
Live
§ 5 ASiG · DGUV V2
Safety Specialist (SiFa)
Risk assessments, inspections, training records.
Live
§ 3 GbV
Dangerous Goods Officer
ADR documentation, transport checks, annual reports.
Live
Art. 37 GDPR
Data Protection Officer
Breach response, DPIAs, RoPA, privacy policies.
Live
Four examples shown. See the full officer inventory
  • Written appointment letter, signed and filed.
  • Quarterly report to the management board on your template.
  • Audit-ready log, handed to the regulator on request.
Mandate unfilled? Personal liability of management. The regulator does not read excuses, they read appointment letters.
Plus the platform around them

And every hour leaves a clean trail.

CIVAC Workspace
Tuesday, 22 April 2026
Hello, Sophie
Your situation today. Critical deadlines first, then trainings and the ongoing documentation.
Active Data Breach
Deadline in 18 h, Art. 33 GDPR
01 Critical Deadlines
2 in the next 7 days
DPIA review, new HR system
in 3 days
Fire protection inspection, Building B
in 7 days
Mandatory Trainings
4 / 7
3 open for your role
Current Documentation
Q2 2026
Deadline 30 Jun, in 70 days
Based on § 5 ArbSchG, DGUV V2, Art. 37 GDPR
  • Audit trail by default
    Every task, training and inspection is timestamped, signed and exportable the moment an inspector asks.
  • Trainings that actually close
    Mandatory modules with a test and a certificate. Completion tracked, without chasing inboxes.
  • Evidence pinned to the mandate
    Photos, voice notes and files land against the legal criterion they prove. No scattered folders.
  • Monthly report, auto-generated
    The documentation officer duty stops being a week of work. It becomes one exported PDF.
Twenty-five officer roles · One written appointment · Zero binders
Why CIVAC

Compliance. Solved.

Officers carry personal liability. Everyone else still runs compliance like a filing cabinet. We run it like software. The auditor calls, the evidence is ready. Not the week after.

Explore the platform
25
Officer roles live today
From Data Protection to Radiation Safety, AML to ISO 27001, mandatory roles and sector-specific mandates, all covered.
37
Ready-to-run audit templates
Tasks, audits and document workflows, pulled from the field and tuned to § and ISO.
1
Single workspace for the week of an officer
No tab soup. No scattered spreadsheets. No retroactive panic.
Officer Roles

Twenty-five mandates. All live today.

Every officer role a German business might need to appoint. Some mandatory across all companies, some sector-specific. All live, all audit-ready. Appoint ours, license the platform for yours, or mix. No waiting list, no pilot. No role tagged 'coming soon'.

Live
DPO / DSB

Data Protection Officer

Data breaches, DPIAs, DPA reviews, records of processing, privacy policies. Appointed externally or handled in-house, with the 72-hour breach clock always running.

DPIA · Breach <72h · RoPA · DPA review
Legal basis
Art. 37 GDPR · § 38 BDSG
Live
CO

Compliance Officer

Policy governance, whistleblower intake, internal control system, quarterly board report. Appointed, documented, defensible under § 130 OWiG.

IDW PS 980 · Whistleblower · ICS · § 130 OWiG
Legal basis
IDW PS 980 · § 130 OWiG
Live
ISB / CISO

Information Security Officer (ISB / CISO)

ISO 27001:2022 ISMS ownership, NIS-2 incident reporting, KRITIS obligations. 93 controls tracked, 24-hour early-warning and 72-hour incident-notification handled, TISAX and BSI C5 delivered on request.

ISO 27001:2022 · NIS-2 · KRITIS · TISAX
Legal basis
ISO/IEC 27001:2022 · §§ 30, 38 BSIG · NIS-2
Live
SiFa

Occupational Safety Specialist

Hazard assessments, site inspections, mandatory trainings, accident investigations. Appointed in writing per § 5 ASiG, documented per DGUV V2, filed in one place.

§ 5 ASiG · DGUV V2 · § 6 ArbSchG · Hazard log
Legal basis
§ 5 ASiG · DGUV V2 · § 6 ArbSchG
Live
BSB

Fire Safety Officer

Fire-protection orders, evacuation drills, fire-department plans per DIN 14095. DGUV-I-205-023-compliant documentation, appointed in writing, audit-ready at inspection.

DGUV I 205-023 · DIN 14095 · ASR A2.2 · Evacuation
Legal basis
DGUV I 205-023 · DIN 14095 · ASR A2.2
Live
GSB

Hazardous Substances Officer

Substance inventory per TRGS 400, risk assessment per § 6 GefStoffV, substitution checks. A live register that survives any Gewerbeaufsicht visit.

§ 6 GefStoffV · TRGS 400 · TRGS 402/510 · Substitution
Legal basis
§ 6 GefStoffV · TRGS 400 / 402 / 510
Live
UsB

Environmental Officer

Permit management, emission reporting, waste tracking, hazardous-substance storage. Full environmental file cabinet across BImSchG, WHG, KrWG and ISO 14001.

BImSchG · WHG · KrWG · ISO 14001
Legal basis
BImSchG · WHG · KrWG · ISO 14001
Live
GwB

Anti-Money-Laundering Officer

Risk analysis, KYC/KYB, suspicious-activity reporting to FIU. § 7 GwG appointment documented, reporting line clean, BaFin-inspection ready.

§ 7 GwG · Risk analysis · KYC · SAR
Legal basis
§ 7 GwG · FIU reporting
Live
QMB

Quality Management Officer

Process audits, management review, CAPA, customer-complaint loop. DIN EN ISO 9001:2015 certification and recertification handled without surprises.

ISO 9001 · Process audit · CAPA · Mgmt review
Legal basis
DIN EN ISO 9001:2015
Live
LkSG

Supply-Chain Due-Diligence Officer

Human-rights risk analysis, preventive measures, grievance mechanism, annual BAFA report. Supply-chain due diligence on rails for any company above the LkSG thresholds.

§ 4 LkSG · BAFA report · Risk analysis · Grievance
Legal basis
§ 4 LkSG · BAFA reporting
Live
AGG

Equal Opportunity Officer

AGG complaints office per § 13 AGG: confidential intake, documentation, case handling. BGleiG workflows for federal bodies included.

§ 13 AGG · BGleiG · Case file · Confidential
Legal basis
§ 13 AGG · BGleiG
Live
BA

Occupational Physician

Preventive checkups, workplace health assessments, return-to-work coordination, vaccination programmes. Appointed per § 3 ASiG, hours scaled to DGUV V2 headcount rules.

§ 3 ASiG · DGUV V2 · Checkups · Return-to-work
Legal basis
§ 3 ASiG · DGUV V2
Live
GGB

Dangerous Goods Officer

ADR, IMDG and IATA documentation, transport-safety checks, annual report to the operator. Appointed where transport volumes cross the § 3 GbV thresholds.

§ 3 GbV · ADR · IMDG · Annual report
Legal basis
§ 3 GbV · ADR · GGVSEB
Live
HB

Hygiene Officer

Hygiene plan per § 36 IfSG, infection-control audits, staff training, drinking-water sampling per TrinkwV. Mandatory in healthcare, gastronomy, kindergartens.

§ 36 IfSG · TrinkwV · Infection log · Staff training
Legal basis
IfSG · TrinkwV
Live
ESG

ESG / Sustainability Officer

Double-materiality analysis, CSRD-compliant sustainability report, ESRS data points, GHG-Protocol inventory. Responsible for the annual report management signs.

CSRD · ESRS · Double materiality · GHG Protocol
Legal basis
CSRD · ESRS · LkSG
Live
IMB

Internal Reporting Officer

Confidential intake of whistleblower reports, case handling within the 3-month HinSchG deadline, retaliation monitoring. Independent from management reporting lines.

HinSchG · Case file · 3-month deadline · Independent
Legal basis
HinSchG · EU Whistleblower Directive
Live
ImB

Emission Control Officer

Emission monitoring, supervision of permit-required plants, annual report to operator management, input on notifiable plant changes. Mandatory per § 53 BImSchG.

§ 53 BImSchG · Emission log · Annual report · Plant supervision
Legal basis
§ 53 BImSchG
Live
AB

Waste Officer

Waste register per AbfBeauftrV, recycling-quota monitoring, annual report to management, input on notifiable waste decisions. Required per § 59 KrWG above threshold.

§ 59 KrWG · AbfBeauftrV · Waste register · Annual report
Legal basis
§ 59 KrWG · AbfBeauftrV
Live
GB

Water Protection Officer

Water-hazard inventory per AwSV, tank and separator inspections, leakage response, annual report. Required for facilities handling water-hazardous substances above thresholds.

§ 64 WHG · AwSV · Tank inspection · Annual report
Legal basis
§ 64 WHG · AwSV
Live
NB

Emergency Response Officer

Business-continuity plans per ISO 22301, emergency drills twice yearly, crisis-team coordination, after-action reviews. Often bundled with ISO 27001 or occupational safety mandates.

ISO 22301 · BCM drill · Crisis team · After-action
Legal basis
ISO 22301 · DGUV I 205-001
Live
SB

Major Incident Officer

Safety concept per 12. BImSchV, safety analysis, incident report to Regierungspräsidium within 24 h, coordination with fire brigades. Mandatory for Seveso-tier plants.

12. BImSchV · Seveso · 24 h report · Safety concept
Legal basis
12. BImSchV (StörfallV)
Live
StB

Radiation Protection Officer

Permits per StrlSchG, dosimeter management, staff medical screening, monthly dose reporting to BfS. Required in medical, industrial radiography and research.

StrlSchG · Dosimetry · BfS report · Staff screening
Legal basis
StrlSchG · StrlSchV
Live
InkB

Inclusion Officer

Coordination with the Integrationsamt, workplace-adaptation budgets, accessibility reviews, annual representation report. Required per § 181 SGB IX in most companies.

§ 181 SGB IX · Integrationsamt · Accessibility · Annual report
Legal basis
§ 181 SGB IX
Live
BL

Site Manager

Construction-site supervision per state building codes (LBO), SiGeKo role per BaustellV, DGUV-compliant safety briefings, as-built documentation. Named on the building permit.

LBO · BaustellV · SiGeKo · As-built
Legal basis
LBO · BaustellV · DGUV
Live
LA

Supplier Auditor

On-site supplier audits per ISO 9001 and IATF 16949, non-conformance logs, CAPA tracking, audit report with risk score. Scheduled against a rolling three-year cycle.

ISO 9001 · IATF 16949 · CAPA · Risk score
Legal basis
ISO 9001 · IATF 16949
Every mandate. Every standard. Every file.

Appointed officers. Audit-verified controls.

  • ISO/IEC 27001:2022
  • DIN EN ISO 9001:2015
  • DIN EN ISO 14001
  • DSGVO · GDPR
  • BSI C5
  • TISAX-ready
  • DGUV Vorschrift 2
  • § 7 GwG · § 4 LkSG
Officer as a service

Two ways to land on CIVAC.

Bring your own officers, or let us bring ours. Same platform, different hand on the wheel.

The tool

Self-serve.

Your internal officers own the work. CIVAC is their single workspace for tasks, trainings, audits and documentation. We stay out of your way.

  • Your officers, your data, your workflow
  • Fastest time to value
  • Full 37-template library included
Most scaled
Full service

Officers included.

We bring the officers too. Certified DPO, Compliance, IT Security or Occupational Safety professionals, embedded into your company and running CIVAC for you. You get the reports. We carry the work.

  • Certified officers from the CIVAC team
  • Direct reporting line to your leadership
  • Custom engagement model per role
Platform

Five pillars. One surface.

The entire week of an officer. In one place. Without the tab soup. Without the spreadsheet sprawl.

Daily workflow

Tasks

Template-first workflow. Email intake with automatic template detection. Recurring cadences so last quarter's work becomes this quarter's starting point.

Email intake · 37 templates · Recurring cadences · Side-rail AI
Onboarding + refreshers

Trainings

Roll out mandatory trainings with modules, a test, and a certificate. Track completion without chasing inboxes.

Modules · Test + certificate · Completion tracking
Evidence, in the moment

Audits

On-site inspections, supplier audits, DPIAs, TIAs. Reusable criteria catalogs, with photos, voice notes and files captured against each criterion.

  • Criteria catalogs
  • Photos + voice
  • Supplier audits
  • DPIA · TIA
Audit-ready by default

Documentation

A monthly workflow that pulls in your completed tasks and trainings and produces a clean, export-ready compliance record. No retroactive panic.

Monthly report · Auto-generated · Export-ready · No retro
Knowledge on tap

Questions

An AI data-protection assistant with confidence scoring, source citations and one-click escalation to external counsel when stakes are high.

Confidence score · Source citations · Counsel escalation
Live preview

See CIVAC in action.

A real look at the workspace you walk into after sign-in. Switch between the three surfaces most officers live in.

civac.de/dashboard

Welcome back, Mr. Hoffmann

Monday, April 20, 2026
12
Open tasks
4
Due this week
37
Templates
Up next: 4
  • Data breach response: EU customer
    Breach
    Today
  • Review new DPA from Slack Technologies
    Document
    Today
  • Quarterly TOM inspection
    Audit
    Tomorrow
  • Sign off onboarding training batch
    Training
    Wed
Templates

37 templates. Already built.

Every role ships with structured templates pulled straight from the field. Groups, fields, defaults. The blank page never stops you when a breach lands at 6 PM on a Friday.

  • Pick once, run forever. Fill in the structured groups, save as your own.
  • Pin the ones you use weekly. The rest stay out of the way.
  • Customise, then share. Your institutional knowledge compounds.
  • DPO · Task: Data Breach Response
  • DPO · Task: DPA Review
  • DPO · Audit: DPIA
  • DPO · Task: Privacy Policy Update
  • DPO · Task: Onboarding Check
  • DPO · Audit: TOM Inspection
  • DPO · Audit: Cloud Audit
  • DPO · Audit: ISO 27001
  • DPO · Audit: TIA
  • Compliance: Policy Review
  • Compliance: Whistleblower Intake
  • Compliance: Quarterly Report
  • IT Security: Vendor Assessment
  • IT Security: Incident Report
  • IT Security: Access Review
  • Safety: Hazard Assessment
  • Safety: Site Inspection
  • + 20 more
From the field
CIVAC moved our DPO work from crisis mode to routine. We stopped living in the last-minute Outlook scramble.
Data Protection Officer
SaaS company, 120 employees
3 weeks of audit prep, now 4 days.
Talk to us

Compliance is personal.
So is our onboarding.

Tell us about the role you hold, the obligations that keep slipping, and the audit you're preparing for. We'll show you the parts of CIVAC that pull their weight for your week.

Direct line
CIVAC is a brand of CITO Holding Gruppe GmbH.
CITO GmbH · Jungfrauenthal 8 · 20149 Hamburg
Write us
Open the demo workspace

Start running compliance like a product.

Two minutes from now, you're inside CIVAC. The tasks, trainings, audits and documentation of a full officer week laid out in front of you. Your competition is still opening Outlook.