Twenty-five officer roles. Your team or ours.

We run compliance.
You run the business.

License the workspace for your own compliance officers, or appoint ours. Either way, the evidence sits ready when the auditor calls.

Get started

Pricing on request. We'll be in touch within one business day.

CIVAC

One platform.
Twenty-five mandates.
Internal or external.
Always audit-ready.

OfficersPlatform

See both ways to land on CIVAC

Twenty-five officer roles. All live today.

Faster · Cheaper · Smarter

What you save with CIVAC, in numbers.

Concrete bandwidth back into the business. Defensible numbers, no startup-cringe. Industry benchmarks plus our own field data.

Faster−0 %

Effort per audit

Mastersheet templates plus AI drafting collapse multi-day audit prep into hours.

Cheaper−0 %

Costs vs. separate appointments

One platform for all 25 officer mandates beats 25 individual external appointments.

Faster0 h

From request to appointed officer

CIVAC SLA: contract, person, Bestellurkunde within two business days, not 2-6 weeks.

Broader0 in 1

Officer roles, one workspace

Most providers cover one role. CIVAC covers every mandatory and sector-specific officer role Germany requires.

Internal benchmark vs. typical mid-market alternatives.

ISO/IEC 27001 aligned

GDPR-native, EU hosting

25 officer roles

Appointment-ready in writing

Third-party pen-tested annually

Workflows aligned with DIN, DGUV and ISO

Compliance posture

Compliance, signed and sealed.

We hold ourselves to the same standards we ask our clients to meet. Aligned, audited, and ready for the next regulatory wave.

Aligned

ISO/IEC 27001:2022

Information security

ISMS designed and operated against the 2022 control set. Annual third-party penetration tests.

Native

GDPR · DSGVO

Data residency

Data hosted exclusively in the EU. GDPR baked in from day one, not retrofitted.

Ready

NIS-2 / §§ 30, 38 BSIG

Incident readiness

24-hour early-warning workflow plus the 72-hour incident-notification flow are part of the platform, not an add-on.

Officers and platform, one address

We supply the doctor. We supply the safety lead. We supply the platform.

Most providers sell you software and leave the appointment to you. Most consultancies appoint an officer and hand you a PDF. CIVAC does both, from the same address, with the same evidence trail.

We supply the officers

Appointed in writing. Named on your letterhead.

§ 3 ASiG

Occupational Physician

On-site checkups, workplace assessments, return-to-work cases.

Live

§ 5 ASiG · DGUV V2

Safety Specialist (SiFa)

Risk assessments, inspections, training records.

Live

§ 3 GbV

Dangerous Goods Officer

ADR documentation, transport checks, annual reports.

Live

Art. 37 GDPR

Data Protection Officer

Breach response, DPIAs, RoPA, privacy policies.

Live

Four examples shown. See the full officer inventory

Written appointment letter, signed and filed.
Quarterly report to the management board on your template.
Audit-ready log, handed to the regulator on request.

Mandate unfilled? Personal liability of management. The regulator does not read excuses, they read appointment letters.

Plus the platform around them

And every hour leaves a clean trail.

CIVAC Workspace

Tuesday, 22 April 2026

Hello, Sophie

Your situation today. Critical deadlines first, then trainings and the ongoing documentation.

Active Data Breach

Deadline in 18 h, Art. 33 GDPR

01Critical Deadlines

2 in the next 7 days

DPIA review, new HR system

in 3 days

Fire protection inspection, Building B

in 7 days

Mandatory Trainings

4 / 7

3 open for your role

Current Documentation

Q2 2026

Deadline 30 Jun, in 70 days

Based on § 5 ArbSchG, DGUV V2, Art. 37 GDPR

Audit trail by default
Every task, training and inspection is timestamped, signed and exportable the moment an inspector asks.
Trainings that actually close
Mandatory modules with a test and a certificate. Completion tracked, without chasing inboxes.
Evidence pinned to the mandate
Photos, voice notes and files land against the legal criterion they prove. No scattered folders.
Monthly report, auto-generated
The documentation officer duty stops being a week of work. It becomes one exported PDF.

Twenty-five officer rolesOne written appointmentZero binders

Why CIVAC

Compliance. Solved.

Officers carry personal liability. Everyone else still runs compliance like a filing cabinet. We run it like software. The auditor calls, the evidence is ready. Not the week after.

Explore the platform

Officer roles live today

From Data Protection to Radiation Safety, AML to ISO 27001, mandatory roles and sector-specific mandates, all covered.

Ready-to-run audit templates

Tasks, audits and document workflows, pulled from the field and tuned to § and ISO.

Single workspace for the week of an officer

No tab soup. No scattered spreadsheets. No retroactive panic.

Officer Roles

Twenty-five mandates. All live today.

Every officer role a German business might need to appoint. Some mandatory across all companies, some sector-specific. All live, all audit-ready. Appoint ours, license the platform for yours, or mix. No waiting list, no pilot. No role tagged 'coming soon'.

25 officer roles. All live today.

Live

DPO / DSB

Data Protection Officer

Data breaches, DPIAs, DPA reviews, records of processing, privacy policies. Appointed externally or handled in-house, with the 72-hour breach clock always running.

DPIABreach <72hRoPADPA review

Legal basis

Art. 37 GDPR · § 38 BDSG

Live

Compliance Officer

Policy governance, whistleblower intake, internal control system, quarterly board report. Appointed, documented, defensible under § 130 OWiG.

IDW PS 980Board reportWhistleblower§ 130 OWiG

Legal basis

IDW PS 980 · § 130 OWiG

Live

ISB / CISO

Information Security Officer (ISB / CISO)

ISO 27001:2022 ISMS ownership, NIS-2 incident reporting, KRITIS obligations. 93 controls tracked, 24-hour early-warning and 72-hour incident-notification handled, TISAX and BSI C5 delivered on request.

ISO 27001:2022Tool auditSOC2BSI C5

Legal basis

ISO/IEC 27001:2022 · §§ 30, 38 BSIG · NIS-2

Live

SiFa

Occupational Safety Specialist

Hazard assessments, site inspections, mandatory trainings, accident investigations. Appointed in writing per § 5 ASiG, documented per DGUV V2, filed in one place.

§ 5 ASiGDGUV V2§ 6 ArbSchGHazard assessment

Legal basis

§ 5 ASiG · DGUV V2 · § 6 ArbSchG

Live

BSB

Fire Safety Officer

Fire-protection orders, evacuation drills, fire-department plans per DIN 14095. DGUV-I-205-023-compliant documentation, appointed in writing, audit-ready at inspection.

DGUV I 205-023DIN 14095ASR A2.2Evacuation

Legal basis

DGUV I 205-023 · DIN 14095 · ASR A2.2

Live

GSB

Hazardous Substances Officer

Substance inventory per TRGS 400, risk assessment per § 6 GefStoffV, substitution checks. A live register that survives any Gewerbeaufsicht visit.

§ 6 GefStoffVTRGS 400TRGS 402/510Substitution

Legal basis

§ 6 GefStoffV · TRGS 400 / 402 / 510

Live

UsB

Environmental Officer

Permit management, emission reporting, waste tracking, hazardous-substance storage. Full environmental file cabinet across BImSchG, WHG, KrWG and ISO 14001.

BImSchGPermit managementISO 14001WHG

Legal basis

BImSchG · WHG · KrWG · ISO 14001

Live

GwB

Anti-Money-Laundering Officer

Risk analysis, KYC/KYB, suspicious-activity reporting to FIU. § 7 GwG appointment documented, reporting line clean, BaFin-inspection ready.

§ 7 GwGRisk analysisKYCSAR

Legal basis

§ 7 GwG · FIU reporting

Live

QMB

Quality Management Officer

Process audits, management review, CAPA, customer-complaint loop. DIN EN ISO 9001:2015 certification and recertification handled without surprises.

ISO 9001Process auditCAPAMgmt review

Supply-Chain Due-Diligence Officer

Human-rights risk analysis, preventive measures, grievance mechanism, annual BAFA report. Supply-chain due diligence on rails for any company above the LkSG thresholds.

§ 4 LkSGBAFA reportRisk analysisGrievance

Legal basis

§ 4 LkSG · BAFA reporting

Live

AGG

Equal Opportunity Officer

AGG complaints office per § 13 AGG: confidential intake, documentation, case handling. BGleiG workflows for federal bodies included.

§ 13 AGGBGleiGCase fileConfidential

Legal basis

§ 13 AGG · BGleiG

Live

Occupational Physician

Preventive checkups, workplace health assessments, return-to-work coordination, vaccination programmes. Appointed per § 3 ASiG, hours scaled to DGUV V2 headcount rules.

§ 3 ASiGDGUV V2CheckupsReturn-to-work

Dangerous Goods Officer

ADR, IMDG and IATA documentation, transport-safety checks, annual report to the operator. Appointed where transport volumes cross the § 3 GbV thresholds.

§ 3 GbVADRIMDGAnnual report

Legal basis

§ 3 GbV · ADR · GGVSEB

Live

Hygiene Officer

Hygiene plan per § 36 IfSG, infection-control audits, staff training, drinking-water sampling per TrinkwV. Mandatory in healthcare, gastronomy, kindergartens.

§ 36 IfSGWard auditTrinkwVInfection log

ESG / Sustainability Officer

Double-materiality analysis, CSRD-compliant sustainability report, ESRS data points, GHG-Protocol inventory. Responsible for the annual report management signs.

CSRDESRSDouble materialityGHG Protocol

Internal Reporting Officer

Confidential intake of whistleblower reports, case handling within the 3-month HinSchG deadline, retaliation monitoring. Independent from management reporting lines.

HinSchGWhistleblower3-month deadlineRetaliation

Legal basis

HinSchG · EU Whistleblower Directive

Live

ImB

Emission Control Officer

Emission monitoring, supervision of permit-required plants, annual report to operator management, input on notifiable plant changes. Mandatory per § 53 BImSchG.

§ 53 BImSchGEmission monitoringPermit supervisionPlant changes

Legal basis

§ 53 BImSchG

Live

Waste Officer

Waste register per AbfBeauftrV, recycling-quota monitoring, annual report to management, input on notifiable waste decisions. Required per § 59 KrWG above threshold.

§ 59 KrWGAbfBeauftrVWaste registerRecycling quota

Legal basis

§ 59 KrWG · AbfBeauftrV

Live

Water Protection Officer

Water-hazard inventory per AwSV, tank and separator inspections, leakage response, annual report. Required for facilities handling water-hazardous substances above thresholds.

§ 64 WHGAwSVTank inspectionLeakage response

Legal basis

§ 64 WHG · AwSV

Live

Emergency Response Officer

Business-continuity plans per ISO 22301, emergency drills twice yearly, crisis-team coordination, after-action reviews. Often bundled with ISO 27001 or occupational safety mandates.

ISO 22301BCM drillCrisis teamAfter-action

Legal basis

ISO 22301 · DGUV I 205-001

Live

Major Incident Officer

Safety concept per 12. BImSchV, safety analysis, incident report to Regierungspräsidium within 24 h, coordination with fire brigades. Mandatory for Seveso-tier plants.

12. BImSchVSeveso24 h reportSafety concept

Legal basis

12. BImSchV (StörfallV)

Live

StB

Radiation Protection Officer

Permits per StrlSchG, dosimeter management, staff medical screening, monthly dose reporting to BfS. Required in medical, industrial radiography and research.

StrlSchGDosimetryBfS reportStaff screening

Inclusion Officer

Coordination with the Integrationsamt, workplace-adaptation budgets, accessibility reviews, annual representation report. Required per § 181 SGB IX in most companies.

§ 181 SGB IXIntegrationsamtWorkplace adaptationAccessibility

Legal basis

§ 181 SGB IX

Live

Site Manager

Construction-site supervision per state building codes (LBO), SiGeKo role per BaustellV, DGUV-compliant safety briefings, as-built documentation. Named on the building permit.

LBOBaustellVSiGeKoAs-built

Legal basis

LBO · BaustellV · DGUV

Live

Supplier Auditor

On-site supplier audits per ISO 9001 and IATF 16949, non-conformance logs, CAPA tracking, audit report with risk score. Scheduled against a rolling three-year cycle.

ISO 9001IATF 16949CAPARisk score

Legal basis

ISO 9001 · IATF 16949

Every mandate. Every standard. Every file.

Appointed officers. Audit-verified controls.

ISO/IEC 27001:2022DIN EN ISO 9001:2015DIN EN ISO 14001DSGVO · GDPRBSI C5TISAX-readyDGUV Vorschrift 2§ 7 GwG · § 4 LkSG

Officer as a service

Two ways to land on CIVAC.

Bring your own officers, or let us bring ours. Same platform, different hand on the wheel.

The tool

Self-serve.

Your internal officers own the work. CIVAC is their single workspace for tasks, trainings, audits and documentation. We stay out of your way.

Your officers, your data, your workflow
Fastest time to value
Full 37-template library included

Most scaledFull service

Officers included.

We bring the officers too. Certified DPO, Compliance, IT Security or Occupational Safety professionals, embedded into your company and running CIVAC for you. You get the reports. We carry the work.

Certified officers from the CIVAC team and partner network
Direct reporting line to your leadership
Custom engagement model per role

Talk to us

Platform

Five pillars. One surface.

The entire week of an officer. In one place. Without the tab soup. Without the spreadsheet sprawl.

Daily workflow

Tasks

Template-first workflow. Email intake with automatic template detection. Recurring cadences so last quarter's work becomes this quarter's starting point.

Email intake37 templatesRecurring cadencesSide-rail AI

Onboarding + refreshers

Trainings

Roll out mandatory trainings with modules, a test, and a certificate. Track completion without chasing inboxes.

ModulesTest + certificateCompletion tracking

Evidence, in the moment

Audits

On-site inspections, supplier audits, DPIAs, TIAs. Reusable criteria catalogs, with photos, voice notes and files captured against each criterion.

Criteria catalogsPhotos + voiceSupplier auditsDPIA · TIA

Audit-ready by default

Documentation

A monthly workflow that pulls in your completed tasks and trainings and produces a clean, export-ready compliance record. No retroactive panic.

Monthly reportAuto-generatedExport-readyNo retro

Knowledge on tap

Questions

An AI data-protection assistant with confidence scoring, source citations and one-click escalation to external counsel when stakes are high.

Confidence scoreSource citationsCounsel escalation

Live preview

See CIVAC in action.

A real look at the workspace you walk into after sign-in. Switch between the three surfaces most officers live in.

civac.de/dashboard

Welcome back, Mr. Hoffmann

Monday, April 20, 2026

Open tasks

Due this week

Templates

Up next4

Data breach response: EU customer
Breach
Today
Review new DPA from Slack Technologies
Document
Today
Quarterly TOM inspection
Audit
Tomorrow
Sign off onboarding training batch
Training
Wed

Templates

37 templates. Already built.

Every role ships with structured templates pulled straight from the field. Groups, fields, defaults. The blank page never stops you when a breach lands at 6 PM on a Friday.

Pick once, run forever. Fill in the structured groups, save as your own.
Pin the ones you use weekly. The rest stay out of the way.
Customise, then share. Your institutional knowledge compounds.

DPO · TaskData Breach ResponseDPO · TaskDPA ReviewDPO · AuditDPIADPO · TaskPrivacy Policy UpdateDPO · TaskOnboarding CheckDPO · AuditTOM InspectionDPO · AuditCloud AuditDPO · AuditISO 27001DPO · AuditTIACompliancePolicy ReviewComplianceWhistleblower IntakeComplianceQuarterly ReportIT SecurityVendor AssessmentIT SecurityIncident ReportIT SecurityAccess ReviewSafetyHazard AssessmentSafetySite Inspection+ 20 more

From the field

CIVAC moved our DPO work from crisis mode to routine. We stopped living in the last-minute Outlook scramble.

Data Protection Officer

SaaS company, 120 employees

3 weeks of audit prep, now 4 days.

Talk to us

Compliance is personal.
So is our onboarding.

Tell us about the role you hold, the obligations that keep slipping, and the audit you're preparing for. We'll show you the parts of CIVAC that pull their weight for your week.

Direct line

info@civac.de

Write us

Open the demo workspace

Start running compliance like a product.

Two minutes from now, you're inside CIVAC. The tasks, trainings, audits and documentation of a full officer week laid out in front of you. Your competition is still opening Outlook.

Get started Talk to us

We run compliance.You run the business.

One platform.Twenty-five mandates.Internal or external.Always audit-ready.

What you save with CIVAC, in numbers.

Compliance, signed and sealed.

We supply the doctor. We supply the safety lead. We supply the platform.

Appointed in writing. Named on your letterhead.

And every hour leaves a clean trail.

Compliance. Solved.

Twenty-five mandates. All live today.

Data Protection Officer

Compliance Officer

Information Security Officer (ISB / CISO)

Occupational Safety Specialist

Fire Safety Officer

Hazardous Substances Officer

Environmental Officer

Anti-Money-Laundering Officer

Quality Management Officer

Supply-Chain Due-Diligence Officer

Equal Opportunity Officer

Occupational Physician

Dangerous Goods Officer

Hygiene Officer

ESG / Sustainability Officer

Internal Reporting Officer

Emission Control Officer

Waste Officer

Water Protection Officer

Emergency Response Officer

Major Incident Officer

Radiation Protection Officer

Inclusion Officer

Site Manager

Supplier Auditor

Appointed officers. Audit-verified controls.

Two ways to land on CIVAC.

Self-serve.

Officers included.

Five pillars. One surface.

Tasks

Trainings

Audits

Documentation

Questions

See CIVAC in action.

Welcome back, Mr. Hoffmann

37 templates. Already built.

Compliance is personal.So is our onboarding.

Start running compliance like a product.

We run compliance.
You run the business.

One platform.
Twenty-five mandates.
Internal or external.
Always audit-ready.

Compliance is personal.
So is our onboarding.