Andreas Gehrmann

Current Employer: SRMS and Associates | City: Singapore

Province / State / Region: N/A | Country: Singapore


Profile Summary

Andreas Gehrmann has more than twenty-five years of experience in consultancy, auditing and business development in the Asia Pacific region. He first spent more than ten years in the field of quality management and then worked for more than fifteen years in the fields of information security, business continuity management, personal data protection, Smart Grid security and supply chain security management. Andreas has business development experience in the Asia Pacific region, including Korea, Japan, Vietnam, Indonesia, Malaysia, China, Singapore and Australia. After starting his career in Quality Management and Quality Control, Andreas focused on risk management and gained extensive experience in conducting assessments in the field of risk, resilience and business continuity management based on diverse standards. He has particular experience in ISO 22301 (Business Continuity), Supply Chain Security Management based on ISO 28000, ISO 28002 (Resilience), Enterprise Risk Management based on ISO 31000 (Risk Management) and IEC/ISO 30010 (Risk Assessment), and the integration of management systems. He is familiar with information technology security as well as physical security issues. Andreas developed business continuity plans for certification bodies, critical infrastructure operators in Singapore and a manufacturer of Smart Meters, as well as part of consulting for cloud service providers. He is a trainer for business impact assessment, conducts training based on ISO 22317 and has hands-on experience of disaster situations. Andreas participated in expert discussions, is featured in articles (see ) as an expert and is a recognized BCMS trainer under PECB as well as IRCA. Andreas conducted business continuity management audits in Singapore and the Philippines and training in China, Korea, Vietnam and the Philippines in various industries. Andreas assessed business continuity plans as part of various standards, including ISO 28000, QS-9000, ISO 22301, MTCS and ISO/IEC 27001.
Andreas conducted Risk Assessment and Business Impact Analysis at industrial sites and provided training on the international risk management framework standard ISO 31000 in Singapore and Vietnam for diverse international corporations. Andreas provided full consultancy service for ISO/IEC 20000-1 compliance for a commercial cloud provider and developed a software solution for configuration management. He conducted consultancy on operational technology (OT) security for a critical infrastructure provider. He has conducted hundreds of assessments based on diverse standards in various industries such as Telecom, Banking, Manufacturing and Business Process Outsourcing. For six years he conducted supply chain security assessments (2nd party and 3rd party), including dozens of certification audits based on ISO 28000 in various industries around the world. He worked for TUV Rheinland in various countries in management capacities and in the role of a senior auditor, and held the position as global competence center information security management systems and consultancy. Currently he works as a PCI DSS assessor and Cloud Computing Security Auditor (MTCS and CSA Star) for TUV Rheinland, develops software for risk management and compliance solutions, and consults on the implementation of information security standards such as ISO/IEC 27001 (Information Security) and the integration of management systems, as well as PCI DSS (Credit Card Data Processing) and IT Service Management based on ISO/IEC 20000-1. Andreas worked in the Smart Grid Security business and as a consultant for critical infrastructure projects. He is an expert on smart city standards in the 37000 series for Smart Cities, and his expertise covers diverse areas relevant to Smart Cities. SRMS & Associates (Pte.) Ltd. works closely with DNV GL in various areas of digital solutions, risk management and resilience solutions.
Andreas has extensive experience in process modeling and requirement analysis and is able to analyze complex techno-social systems and to work in different cultural contexts. He is familiar with requirement engineering, BPMN, UML and SysML. Andreas understands risk management in a business context and is able to translate standards into meaningful management practice. Andreas holds a Master's degree in Physics (Diplom Physiker) from the Technical University Berlin; his bachelor's degree (Vor-diplom) covered Physics (major), Electronic Data Processing and Chemistry (minor). He received a grant from the German Academic Exchange Association (DAAD) and conducted postgraduate research in Korea and Japan. Andreas is also an experienced speaker at international conferences on various risk management and security related topics. He has developed and conducted numerous training courses in the field of quality management, risk and information security management and has performed hundreds of assessments and evaluations.


Trainer specialities and experience

Here is a detailed description of the courses that the trainer is specialized in and their related experience.

ISO 27001

Lead Auditor

Training Experience (Hours): 1000

Professional Experience (Years): 16

ISO 22301

Lead Auditor

Training Experience (Hours): 200

Professional Experience (Years): 7