Comprehensive protection of your data held in the company.
These days, every company must face the risk of cyber attacks, data theft and other security risks. Such attacks are designed to severely impede business processes and can lead to tremendous trust issues with customers and business partners. Efficient information security management is therefore indispensable for long-term business success. As information security and data protection specialists, we are your expert partner in this area.
Due to the increasing digitalization of business processes and digital business models, information security is now an essential factor for any successful business endeavor. Strictly speaking, it encompasses not only data protection, which is geared to protecting personal information, but also the protection of the company’s entire data and IT systems. Cyber attacks may present an existential threat for companies since they entail high losses in turnover, high costs and loss of reputation.
DIN ISO 27001 is the globally recognized standard for information security management. It consists of a comprehensive collection of recognized methods and procedures – i.e., best practices – for securing information and IT systems. At the same time, it offers flexible scaling options for specific applications such as cloud services, telecommunications services or outsourcing IT processes.
DIN ISO 27001 ensures all-around protection for your information. It is designed primarily to realize three basic protection objectives which may be looked on as the pillars of information security: confidentiality, integrity and availability of data and systems. Applying them to corporate information security enables a comprehensive approach involving both technical security standards and organizational measures. Setting up an IT security system on this basis serves as an underlying condition for a corresponding certification.
In addition to the possibility of certification according to DIN ISO 27001 by corresponding accredited bodies, the German Federal Office for Information Security (BSI), for example, offers BSI Grundschutz (basic protection) certification for this purpose. In this context, BSI standards 200-1 and 200-2 formulate the methodological requirements for an information security management system (ISMS). The best possible solution would be to combine the BSI Grundschutz certification with a GDPR data protection certification.
As experts in information security and data protection, we will cover all matters that are important for reliable and efficient information security management of your company. This includes:
We support your information security organization and IT security according to ISO 27001
We analyze and evaluate the existing risks in your company
We identify the gaps that exist in your company
Developing customized company checklists
Guideline preparation for your information security management system
Implementing and establishing an ISMS according to ISO 27001
Preparing and supporting your certification
Ongoing consulting and support in all issues around information security and data protection
The costs of an ISO 27001 certification depend on the extent and the scope of the ISMS to be certified, on the number of IT services and IT locations, on the risk potential of the company, on the degree of networking with external service providers and suppliers, as well as on the complexity of the IT processes to be certified. The same criteria apply to our consulting rates.
We will be happy to clarify all other points in a non-binding consultation focusing on your company-specific requirements for reliable information security, your requirements for our involvement and, of course, matters of cost.