Home / Consulting / ISO 27001

ISO 27001

As the most important cyber security standard, the international standard ISO/IEC 27001:2013 sets out the requirements for the implementation and documentation of an information security management system (ISMS).

Minimizing Risk, Maximizing Effectiveness

With the implementation of an ISMS according to ISO 27001, you can anchor processes to protect the integrity, availability, and security of all processed data in your organization. The requirements are very complex and include investigations specifically for physical security and environmental security.

ISO 27001 offers organizations of all sizes clear principles for the design, implementation, control, and optimization of their information security. The requirements are basically applicable to private companies as well as the public sector.

With our neutral and recognized ISO 27001 certification in cooperation with TÜV Rheinland, you can secure the trust of your customers, business partners, and the legislator.

Ganzheitliche Betrachtung

Preventing unauthorized access, damage, and disruption to an organization’'s information and information processing facilities is a key objective for any ISO 27001- certified management system. During audits, we often find that there are gaps in the area of physical security, especially in relation to Data Centers and the associated IT infrastructure.

None of the checks mentioned in ISO 27001 work in isolation. For this reason, we want to ensure during the assessment that there is a set of interrelated processes that enable effective and sustainable resource protection.

ISO 27001 auf der Basis von IT-Grundschutz nach BSI Grundschutz-Kompendium

ISO 27001 certifications on the basis of IT-basic protection give companies and authorities the opportunity to enhance their efforts for information security. It also facilitates the successful implementation of international standards using the IT-basic protection methodology documented internally and externally. The legal basis for the procedure is the law on the Federal Office for Information Security (BSI Law, BSIG) and the Certification Ordinance on the BSI Law (ZVO). ISO 27001 has a generic structure, i.e. it can be applied to all industries and company sizes worldwide. When implementing ISO 27701, your individual business processes form the basis for the certification audit. This means that the standard can be applied worldwide to all industries and company sizes.

The processes described in the BSI standards 200-1, 200-2, and 200-3 as well as the modules of the IT- basic protection compendium are concrete requirements that can be used to set up and implement the ISMS.

Procedure for obtaining ISO 27001 certification

1. Gap Analysis / Pre-Audit

This activity, performed by our auditors, offers the opportunity to focus on critical, high-risk, or weak areas in your system to create a certifiable system. We also check to what extent existing management systems or processes, for example based on ISO 13485 or ISO 9001, can be used within the standard you have selected.

Wherever you are in the certification process, you determine the scope.

2. Certification

This is usually a two-phase process consisting of an assessment of the system and an initial assessment. The duration depends on the size and type of your organization.

3. Monitoring

Once we have validated your ISMS, we conduct regular audits to ensure the ongoing effectiveness of your system. As a result, you can be sure that your ISMS is able to preventively ensure information security and to protect the information and data of your organizations from damage and threats.

4. Management system assessment

If you wish to combine your company’'s ISMS with an existing management system (e.g., quality), you could benefit from a coordinated assessment and monitoring program.

Our range of ISO 27001 audit and training services is suitable for companies and organizations of all sizes. Do you have questions about ISO 27001?

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_HZ42T7W822	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_194329253_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

ISO 27001