BSG Repräsentanz Deutschland: Was Unternehmen bei Sicherheits- und Ermittlungsanfragen wirklich vorbereiten sollten

By /

By Felix Rowan | Updated May 20, 2026

If your first security call begins with “it’s complicated,” you are already paying for the mess. Most delays come from missing facts, unclear authority, and document chaos, not from some mysterious lack of provider effort.

For broader planning context, teams can compare guidance from SBA business guide before choosing a workflow.

Companies usually arrive at this topic carrying the same questions in different folders. What should we collect before we contact a provider? Are we asking for a security assessment, investigation support, protective services, or something closer to relocation planning? What can be shared safely, what should stay restricted, and who inside the company is actually allowed to approve the next step?

This guide is for companies dealing with a Germany-based representation or office context and needing a cleaner first briefing. It fits the broader positioning on the Home page, the background on About, and the service categories on Services. The point is not drama. The point is to stop scope drift before it starts.

What follows is a practical intake package you can copy into an internal working document: define the request, split company context from incident evidence, map people and access, set conservative compliance boundaries, run a 20-minute briefing structure, and know what typically happens next. Dry? Yes. Useful? Also yes. Boring process discipline regularly beats loud improvisation.

Related implementation details are also covered in Google Business Profile Help, which helps keep tool decisions grounded in established practices.

Team reviewing an intake checklist for security and investigation preparation.
Use a neutral working copy for intake reviews. Blur or remove sensitive text, names, account numbers, and live case details before sharing materials outside the core team.

Terminology: check the boring thing first

Teams lose time because they use one label for five different requests. Rule that out first.

  • Security or risk assessment: a structured review of people, sites, processes, routes, exposures, and current controls.
  • Investigation support: fact-finding and case support around a defined issue, incident pattern, or evidence trail.
  • Protective services: support focused on people, meetings, travel, site presence, or other protective measures.
  • Relocation or safe house support: temporary movement and protected accommodation planning when circumstances justify it.
  • Scoping: the step where the provider tests what you need, what you can supply, and what constraints exist before anyone pretends the work is simple.

If your request mixes all of those at once, pause. You may have several valid needs, but they still need a primary request type. A provider cannot scope “everything feels wrong” into anything reliable.

Why early preparation matters

Security and investigation-related requests usually fail at handoff. The actual problem is rarely “nobody is qualified.” The actual problem is that the first brief arrives half-formed, missing dates, missing authority, missing locations, and padded with interpretations instead of facts.

Late documents force re-briefing. Unlabeled evidence creates version problems. Five internal contacts with different stories create credibility problems. An urgent tone without a named decision-maker creates the special kind of meeting that somehow burns an hour and still decides nothing.

A clean intake package does three things:

  • It reduces friction. The provider can understand the request faster.
  • It improves scoping quality. The proposed next steps are based on facts, constraints, and actual authority.
  • It protects your own team. Fewer people guess, fewer people overshare, and fewer people invent certainty because the call felt important.

If you have already read the site’s Problem gelöst! page or the Brillstein page, treat this article as the practical pre-work behind that messaging. Preparation improves decision quality. It does not create guarantees, and nobody serious should promise those.

Define the request clearly: what you need vs. what you want

Start with one sentence that answers three basic questions: what happened, what you need, and what time pressure exists. Do not open with internal mythology, blame, or a 14-minute history of previous frustrations.

A workable request statement looks like this:

“We need initial scoping support for a Germany-based representation with concerns around site security, internal reporting gaps, and a recent incident set. We need to understand whether this should be treated as a risk assessment, investigation-support task, or protective-services matter. We have a decision deadline this week and a limited internal evidence package ready for review.”

That is plain, limited, and usable. Compare it with the usual broken version: “There are many issues, several departments are affected, it may involve personnel matters, there have been different events over time, and we need someone to take over.” No. That is not a brief. That is a fog machine.

When defining the request, separate the deliverable you want from the operational support you may later need.

Request type Typical ask What to prepare
Security / risk assessment Assessment of exposures, controls, routes, roles, or site/process vulnerabilities Locations, operating context, control gaps, timelines, stakeholders
Investigation support Structured review of a defined incident or allegation set Incident chronology, evidence index, witness/contact list, handling limits
Protective services Support for people, meetings, travel, site presence, or event-related protection Who is affected, where movement occurs, timing, exposure concerns, approvals
Relocation / safe house support Planning for discreet temporary movement and protected accommodation People involved, urgency, movement constraints, confidentiality boundaries

Also define the constraints you already know:

  • Timeline: Is this same-day urgent, this-week urgent, or just chronically neglected?
  • Locations: Germany-only, cross-border, multiple sites, travel routes, event venues, temporary accommodation?
  • Decision-makers: Who can authorize work, disclosures, access, and spend?
  • Budget range: If applicable, say whether you are testing options, pre-approved, or waiting for sign-off.
  • Limits: Confidentiality, data handling, labor issues, regulatory review, or internal politics. Yes, internal politics is a limit. Pretending otherwise is decorative lying.

Stop bundling unrelated problems into one request. A payroll dispute, a travel-protection concern, and an internal fraud suspicion may all matter, but they should not be mashed together in one opening brief unless you can explain the factual connection.

Checklist 1: company and context intake

Build one clean company-context package. This is the “what environment are we dealing with?” file, not the incident file.

  • Legal entity: Company name, high-level ownership or group structure, and which entity is asking for support.
  • Representation or office details: Site addresses, operating hours, site type, and any special facility characteristics.
  • Core locations and routes: Offices, warehouses, meeting venues, travel paths, handover points, regular routes, and high-friction areas.
  • Key contacts: Security lead, legal or compliance contact, HR lead, operations lead, IT contact, and executive sponsor.
  • Timeline drivers: What changed, when it changed, upcoming meetings, deadlines, travel, staffing changes, public events, or contract milestones.
  • Affected processes: Visitor handling, contractor access, executive travel, shipments, site access, records handling, communications flow, incident reporting.
  • Known control gaps: Weak access control, poor logging, unclear approvals, unmanaged contractors, sensitive data scattered across channels, delayed escalation.
  • Desired outcome of the first conversation: Clarify request type, identify missing facts, and get a scoping path. Not “solve everything by Tuesday.”

Keep this package high level and readable. If a provider has to infer basic structure from ten forwarded email fragments, your intake process is not a process. It is archaeology.

Checklist 2: incident and evidence package

This is the second package. Keep it separate from company context. Mixing them is how facts disappear into commentary.

Start with a short chronology. Not a speech. A chronology.

  • Incident ID: Assign a simple internal reference such as `DE-REP-2026-01`.
  • Date and time: Use exact dates and local time where known.
  • Location: Site, office, route, digital system, meeting, or channel involved.
  • Observed fact: What was seen, received, reported, or recorded.
  • Source: Who observed it or where the record came from.
  • Status: Original retained, copy made, awaiting verification, restricted, or reviewed internally.

Then classify what you have. Common categories include:

  • emails and messages
  • call notes or incident reports
  • access logs, visitor records, badge data
  • CCTV references or stills, if available and lawfully handled
  • meeting notes and approvals
  • photos, scans, screenshots, or device exports
  • witness or staff statements
  • contracts, delivery records, shipment notes, or vendor communications

Collect facts, not editorial theory. “We think this was coordinated” is not evidence. “Badge used outside normal hours on May 16, 2026 at 21:14 local time; access approved by unknown user; no corresponding visitor log” is evidence-shaped. Start there.

Incident and evidence folder ready for documentation.
Keep a clean incident and evidence folder ready before the first call. Use neutral labels, keep originals where possible, and avoid exposing real case details in circulated materials.

Use a simple labeling rule for every document or file:

  • Reference: `DE-REP-2026-01-E01`
  • Date: `2026-05-18`
  • Source: `visitor-log`, `email`, `hr-note`, `camera-ref`, `invoice-copy`
  • Description: short and literal, such as “front-desk sign-in entry missing badge number”

Preserve integrity conservatively:

  • Keep originals where possible. Work from copies for review.
  • Limit access. Not everybody needs the raw files.
  • Maintain a simple internal chain-of-custody note. Who copied it, when, from where, and who received it.
  • Do not rewrite or merge versions. Version confusion destroys trust fast.
  • Do not send raw sensitive material before handling is agreed. An index can be enough for the first scoping call.

If your internal team keeps annotating screenshots, renaming files into nonsense, or forwarding originals through mixed personal and corporate channels, rule that out before anything else. Sloppy evidence handling does not look dynamic. It looks avoidable.

Checklist 3: people and access map

Providers lose time when nobody can answer a simple question like “who can approve building access?” or “who is authorized to brief external support?” Map that in one page.

  • Single point of contact: One owner for the provider relationship. Not six people replying all at once.
  • Security coordinator: Internal lead for operational facts and access questions.
  • Legal / compliance contact: The person who can state handling limits and escalation needs.
  • HR / people ops contact: Needed when personnel, conduct, or welfare issues intersect with the matter.
  • IT / systems contact: Needed if logs, devices, messaging platforms, or access systems are involved.
  • Operations owner: The person who understands the workflow that may be disrupted.
  • Executive sponsor: The person who can approve priorities and unblock decisions.

Then add the access boundaries:

  • Who can grant building access?
  • Who can authorize visitor or contractor exceptions?
  • Who controls keys, badges, and reception procedures?
  • Who can export system logs or device records?
  • Who can authorize interviews, record review, or external briefing?
  • Who decides within minutes, and who decides within days?

Also document the visitor and contractor flow in plain language: check-in steps, badges, escort rules, loading access, after-hours procedures, and known exceptions. “We usually know who is here” is not a control. It is a hope dressed as a process.

Checklist 4: risk, compliance, and communications boundaries

Do not bolt compliance onto the side after the operational call. Put it in scope from the start.

  • Relevant policies: incident response, escalation, confidentiality, records handling, access control, travel, contractor management, staff conduct, device use.
  • Data protection: identify whether personal data is involved, who is responsible internally, what categories exist, and what restrictions apply. For Germany-based matters, consider GDPR and internal privacy rules conservatively.
  • Need-to-know handling: define who may see the incident package, who only needs summaries, and who should not receive operational details.
  • External communications: state what can be shared externally, with whom, through which channels, and with what approval.
  • Record-keeping: know what must be documented, what can be summarized, and what requires restricted handling.
  • Legal coordination: where legal or compliance review is needed, say so early. Keep the guidance general. This is process discipline, not legal advice.

If your internal team has not decided what can leave the company, do not solve that problem by emailing everything to everyone. That is not a workaround. That is a new problem.

One practical note: if your intake process is currently spread across loose documents, spreadsheets, and email chains, a neutral internal tooling reference such as a web app generator can be useful for building a controlled intake form or case-tracking workflow. It is only a process aid, not a substitute for judgment.

The 20-minute briefing structure

Here is the briefing script that prevents most first-call chaos. Keep it to 20 minutes unless the provider asks for deeper review.

  1. Context in 2 to 3 sentences: Who you are, what environment is involved, and why the issue matters now.
  2. Primary request type: Security assessment, investigation support, protective services, or relocation/safe house support.
  3. Locations and movement: Which sites, routes, meetings, or travel patterns matter.
  4. Timeline: What happened when, what changed recently, and what deadline exists.
  5. What you have collected: Company intake package, evidence index, access map, policy limits.
  6. Constraints: Data protection, labor issues, confidentiality, budget, timing, political sensitivity, or approval bottlenecks.
  7. Decision-makers and next step: Who approves scoping, what must happen next, and when the follow-up decision will be made.

A short email version works too:

Subject: Initial scoping request for Germany-based representation support

1. Context: We are preparing a first briefing regarding a Germany-based representation with current concerns around site/process security and incident handling.

2. Request type: We need help determining whether the immediate need is risk assessment, investigation support, protective support, or a combined phased scope.

3. Locations: Primary office in Germany, associated meeting activity, and defined staff/visitor movement points.

4. Timeline: Relevant changes occurred over the past two weeks; internal review deadline is [date].

5. Documents ready: Company context summary, contact map, evidence index, and preliminary compliance limits.

6. Constraints: Restricted handling of personal data, limited internal distribution, executive sign-off required for next-stage support.

7. Next step requested: 20-minute scoping call and confirmation of what additional information is needed.

Before the call, send the two packages and a short evidence index, not necessarily the full evidence set. During the call, ask practical questions:

  • How do you separate intake from scoping?
  • What additional information do you need before proposing scope?
  • How do you handle confidential materials and access limits?
  • What deliverable formats are typical for this kind of request?
  • What is the expected timeline for initial scoping if the intake package is complete?

Notice what is missing from that question list: no one asks for promises. Ask for process, handling, and scope logic instead.

What you can expect next: typical workflow stages

Once the first contact is complete, the workflow is usually less cinematic than people fear and more procedural than they expect.

1. Intake

The provider reviews the request type, confirms missing facts, tests authority, and decides whether the issue is defined enough to scope properly.

2. Scoping

Objectives, locations, constraints, access needs, and likely deliverables are clarified. This is where vague requests become real or collapse under their own ambiguity.

3. Plan

A proposed plan is outlined: assessment steps, information requests, operational boundaries, reporting format, coordination points, and implementation-support options where relevant.

4. Implementation support

If approved, support may move into coordination, protective measures, process hardening, investigation-support activity, or relocation/safe-house planning as applicable.

Timeline depends on intake completeness, access to records, approvals, and how disciplined your internal point of contact is. In other words, the process is partly a mirror. It shows your own operating habits back to you.

Common mistakes to avoid

  • Missing facts: no exact dates, no location list, no named owner, no chronology.
  • Unclear authority: several internal voices, nobody with approval power, and no single contact.
  • Mixed issues: unrelated disputes and concerns bundled into one “urgent” request.
  • Unmanaged communications: sensitive information sent through the wrong channels or to people who do not need it.
  • Overpromising internally: telling management “they will fix it” before scoping exists.
  • Under-sharing constraints: failing to mention GDPR issues, legal review, budget limits, or restricted access until late in the process.
  • Broken evidence labeling: multiple versions, edited screenshots, mystery filenames, and no chain-of-custody note.

The first diagnostic step is simple: open your draft briefing email and see whether it names the request type, the main location, the timeline, the owner, and the evidence package. If not, stop writing new paragraphs and fix those five items first.

Final takeaway

A clean briefing package does not guarantee an outcome. It does something more useful: it reduces confusion, improves scoping, and helps everyone make decisions based on documented reality instead of urgency theater.

Build two packages: one for company and context, one for incident and evidence. Then add the people map, access rules, compliance limits, and a 20-minute script.

If you need the next step, make it small and clear. Review the broader background on About or the service categories on Services, then use Contact to send a scoping-ready first brief. Check the boring thing first. The boring thing is usually the actual problem.

Scroll to Top

Contact: [email protected]