Information Security.
Planning, implementation, maintenance and continuous improvement of the security of your information, based on a management system (ISMS).
Focus on the Entire Organisation
For modern companies, protecting their information is one of the most important tasks. Management systems use a risk-based approach to assess the potential threat to all types of information and enable structured mitigation or avoidance of these risks. Information security is therefore much more than just IT security.
The confidentiality, integrity, availability and authenticity of information are the established protection goals.
The Key Features of Management Systems
Management systems are based on a circular process, the so-called PDCA cycle. They ensure the
- constant assessment of the status quo of information security
- ongoing adaptation to constantly changing threat situations
- continuous improvement of the system.
Sometimes an ISMS is established because of a required certification. In our experience, however, you will quickly learn to appreciate the obvious advantages of an actively practiced ISMS for your company:
- increased internal process transparency
- more effective processes
- improved level of security in all areas
Our Services for your Information Security
We support you
in setting up and operating your information security management system (ISMS). We adapt this as individually as possible to your existing organisational structure and your established processes.
Upon request and to the extent permitted by regulations, we can take on the role of Chief Information Security Officer (CISO) in your organisation.
We advise and support you individually
in creating the necessary document framework. Here, too, we focus on your existing structures and processes.
We make you “audit-ready”
so that certification can take place without any headaches. If you wish, we can organise the audit process for you with renowned certifiers and coordinate the dates.
In Europe, we follow the international standard ISO/IEC 27001 and are happy to guide you through the certification process.
We will be happy to combine your ISMS with other management systems (e.g. for business continuity management or data protection according to GDPR) as required.
It goes without saying that we take into account or integrate special requirements from industry or local standards, such as those of BaFin (VAIT, BAIT, ZAIT, KAIT), the automotive industry (TISAX) or the requirements for operators of critical infrastructures (KRITIS) in Germany.
In the USA and Canada, in addition to the ISO/IEC 27001 standard, the Cybersecurity Framework of the National Institute of Standards and Technology (NIST) is also the basis for setting up and operating the ISMS. Here, too, we support you with expertise and individual solutions.