As one of the most widely adopted information security standards, the international standard ISO/IEC 27001:2013 sets out the requirements for implementing and documenting an information security management system (ISMS).
Minimizing Risk, Maximizing Effectiveness
By implementing an ISMS according to ISO 27001, you anchor processes in your organization that protect the confidentiality, integrity, and availability of all the data it processes. The requirements are extensive and include specific controls for physical and environmental security (Annex A.11 of ISO/IEC 27001:2013).
ISO 27001 gives organizations of all sizes clear principles for designing, implementing, monitoring, and improving their information security. The requirements apply equally to private companies and to the public sector.
With our independent and recognized ISO 27001 certification, issued in cooperation with TÜV Rheinland, you can secure the trust of your customers, business partners, and regulators.
Preventing unauthorized access to, damage to, and disruption of an organization's information and information processing facilities is a key objective of any ISO 27001-certified management system. During audits, we often find gaps in the area of physical security, especially in relation to data centers and the associated IT infrastructure.
None of the controls in ISO 27001 works in isolation. For this reason, during the assessment we want to confirm that there is a set of interrelated processes that together enable effective and sustainable protection of resources.
ISO 27001 on the basis of IT-Grundschutz according to the BSI IT-Grundschutz-Kompendium
ISO 27001 certification on the basis of IT-Grundschutz gives companies and public authorities the opportunity to demonstrate their efforts in information security, internally and externally, while implementing the international standard with the IT-Grundschutz methodology. The legal basis for the procedure is the Act on the Federal Office for Information Security (BSI Act, BSIG) and the Certification Ordinance on the BSI Act (ZVO). ISO 27001 has a generic structure, i.e. it can be applied worldwide to all industries and company sizes. When implementing ISO 27001, your individual business processes form the basis for the certification audit.
The processes described in BSI Standards 200-1, 200-2, and 200-3, together with the modules (Bausteine) of the IT-Grundschutz-Kompendium, provide concrete requirements that can be used to set up and operate the ISMS.
Procedure for obtaining ISO 27001 certification
1. Gap Analysis / Pre-Audit
Wherever you are in the certification process, you define the scope of the ISMS to be assessed.
4. Management system assessment
Our range of ISO 27001 audit and training services is suitable for companies and organizations of all sizes. Do you have questions about ISO 27001? Get in touch.