Information Security

Information and data are enormously important to companies and deserve appropriate protection as critical resources. Much of the data is created, stored, transmitted and processed by IT. Therefore, safeguarding IT infrastructure makes an important contribution to corporate security – but is insufficient for an integrated security concept. This applies, in particular, to companies that come under the IT-Security Act (ITSiG) as operators of critical infrastructure. An information security management system (ISMS) affords an adequate opportunity to bundle all critical business information into a single management process to achieve such goals as long-term reliability, availability and integrity. An ISMS examines all types of information and data. With the successful introduction and certification of the ISMS, accompanied by continuous refinement of the system, your company will be in conformity with the current requirements for information handling.

We will provide you with practical support in implementing the requirements of your ISMS and with individual consultations tailored to your corporate processes and needs, thereby enabling your company to develop and maintain long-term information security. Profit from our many years of experience as an ISO/IEC 27001-certified company!

Service area Description

Implementation of an ISMS system under ISO/IEC 27001

Module 1: Actual state analysis
Module 2: Gap analysis
Module 3: Management framework, roles, leadership & commitment
Module 4: Documentation & policies
Module 5: Asset & risk management
Module 6: Monitoring, measuring & evaluating an ISMS
Module 7: Sensitization, awareness & communication of information security
Module 8: Requirements Appendix A, ISO/IEC 27002

(can be ordered individually or as a bundle)


Advice on the ISMS process

  • Coaching & advising
    • Tasks & requirements as an ISMS Officer
    • Streamlined & efficient ISMS reporting
    • Efficiency consulting for Modules 1 to 8
  • Provide ongoing communication regarding information security & raise awareness
  • Internal auditing & reviews under ISO/IEC 27001 & ISO/IEC 27002
  • Workshops on sensitization & raising awareness tailored to the customer


Function of the external officer

  • Appointment of an External Information Security Officer in accordance with ISO/IEC 27001
  • Assumption of the corporate function of contact person for IT security


Data protection and ISO/IEC 27001 – how does this work together? Feel free to contact us!