Play it safe with ISO 27001
Protect the intangible assets of your company with an information security management system (ISMS) according to ISO 27001: The international standard helps you to ensure and continuously improve the confidentiality & integrity of your sensitive data as well as the availability of business information and IT systems.
We advise and support you in setting up an ISMS according to ISO 27001 and assist you through the entire implementation process: from initial analyses through ISMS assessments and audits to certification.
Together with you we determine your individual needs and elaborate a customized security concept that takes the specific features and IT risks of your company into account and reduces potential threats as far as possible.
Our ISO 27001 services at a glance
- Workshops & trainings (strategic / operational / awareness-related)
- GAP / maturity level analysis
- Assessments & pre-audits
- Analysis of risk & protection requirements
- (Internal) audits according to ISO 27001
- Guide to certification
- Coaching during your ISMS implementation & operational support
- Elaboration of ISMS documents with audit-tested templates/tools
Your benefits at a glance
- Sustainable protection of your information, data & business processes
- Proof of trust & compliance to clients and business partners
- Identification & elimination of vulnerabilities and thus reduction of IT risks
- Establishment of check & control mechanisms
- Reliable availability of IT systems, processes & data
- Customized alignment of the ISMS to your company and its specific features & risks
- Raising employee awareness of IT security & data protection
- Continuous improvement of your IT processes
What are some arguments in favor of ISMS rollout & certification according to ISO 27001?
In the course of digitalization, companies store and process large amounts of confidential information and data every day. A company’s IT may thus become an attractive target for cyber criminals: the result can be data abuse, IT failures or cyber espionage, with serious legal and financial consequences. The information systems involved should therefore be effectively protected against external interference and risks: the international standard ISO 27001 provides enterprises of all sizes and industries with a guideline for the introduction, implementation, maintenance and continuous improvement of an information security management system (ISMS).
The standard can be used to systematically optimize your company’s information security in a structured way, discover existing risks and establish effective measures to close security vulnerabilities. Here, the individual situation of your business serves as the basis for a customized security concept.
With a certification according to ISO 27001 you can objectively demonstrate that you meet the requirements regarding information security and that your IT processes are secure and reliable. This creates trust with clients, business partners and supervisory authorities and ensures competitive advantages. Furthermore, operators of critical infrastructures (CI) may use an ISO 27001 certificate to demonstrate that their IT systems, components and processes meet adequate organizational and technical requirements according to the state of the art. They can thus meet the German IT Security Act’s requirement for a minimum level of IT security.
Frequently asked questions:
What are the contents of ISO 27001?
- Context of the organization: Determination of the specific scope of the ISMS; performance of a requirement analysis.
- Leadership and obligations: Requirements as to the organization management’s responsibility; roles, responsibilities & authorities in the organization; corporate policy.
- Planning: Measures concerning the handling of risks & opportunities; determination of information security objectives and planning how they can be achieved.
- Support: Requirements regarding the safeguarding of ISMS effectiveness (resources, competencies, security awareness, communication, documented information).
- Operation: Operational planning & control; regular risk assessment & handling.
- Assessment of the performance: Monitoring, measurement, analysis & assessment of the measures and achievement of objectives; internal audits; management assessment.
- Improvement: Non-conformity & corrective actions; continuous enhancement of the ISMS.
What is the target group of ISO 27001?
Since the requirements are generally applicable, the standard is suitable for private and public enterprises of all sizes and industries as well as non-profit institutions.
CI operators may additionally use an ISO 27001 certification to prove that they comply with the minimum level of IT security. A prerequisite here, however, is that the certification’s scope completely covers the critical infrastructure and/or the critical service.
Can ISO 27001 be integrated into an existing management system?
Since ISO 27001 is based on the High Level Structure for management system standards, it can easily be integrated into an existing management system, e.g. one according to ISO 9001.