ISO 27001

As the most important cyber security standard, the international standard ISO/IEC 27001:2013 sets out the requirements for implementing and documenting an information security management system (ISMS).


Minimizing Risk, Maximizing Effectiveness

By implementing an ISMS according to ISO 27001, you anchor processes in your organization that protect the integrity, availability, and security of all processed data. The requirements are extensive and include specific examinations of physical and environmental security.

ISO 27001 offers organizations of all sizes clear principles for designing, implementing, controlling, and optimizing their information security. The requirements apply equally to private companies and the public sector.

With our neutral and recognized ISO 27001 certification in cooperation with TÜV Rheinland, you can secure the trust of your customers, business partners, and the legislator.

A Holistic View

Preventing unauthorized access, damage, and disruption to an organization's information and information processing facilities is a key objective of any ISO 27001-certified management system. During audits, we often find gaps in the area of physical security, especially in relation to data centers and the associated IT infrastructure.

None of the controls described in ISO 27001 works in isolation. For this reason, during the assessment we want to ensure that there is a set of interrelated processes that enable effective and sustainable protection of resources.


ISO 27001 based on IT-Grundschutz according to the BSI IT-Grundschutz Compendium

ISO 27001 certification on the basis of IT-Grundschutz (IT baseline protection) gives companies and public authorities the opportunity to build on their existing information security efforts. It also allows the international standard to be implemented successfully, and documented internally and externally, using the IT-Grundschutz methodology. The legal basis for the procedure is the Act on the Federal Office for Information Security (BSI Act, BSIG) and the Certification Ordinance on the BSI Act (ZVO). ISO 27001 has a generic structure, i.e. it can be applied worldwide to all industries and company sizes. When implementing ISO 27001, your individual business processes form the basis for the certification audit.

The processes described in BSI Standards 200-1, 200-2, and 200-3, together with the modules of the IT-Grundschutz Compendium, provide concrete requirements that can be used to set up and implement the ISMS.


Procedure for obtaining ISO 27001 certification

1. Gap Analysis / Pre-Audit

This activity, performed by our auditors, offers the opportunity to focus on critical, high-risk, or weak areas in your system in order to create a certifiable system. We also check to what extent existing management systems or processes, for example those based on ISO 13485 or ISO 9001, can be reused within the standard you have selected.

Wherever you are in the certification process, you determine the scope.

2. Certification

This is usually a two-phase process consisting of a system assessment followed by an initial certification assessment. The duration depends on the size and type of your organization.

3. Monitoring

Once we have validated your ISMS, we conduct regular audits to ensure the ongoing effectiveness of your system. As a result, you can be sure that your ISMS is able to ensure information security proactively and to protect your organization's information and data from damage and threats.

4. Management system assessment

If you wish to combine your company's ISMS with an existing management system (e.g., quality management), you could benefit from a coordinated assessment and monitoring program.

Our range of ISO 27001 audit and training services is suitable for companies and organizations of all sizes. Do you have questions about ISO 27001?

Contact us!