ISMS introduction and operation
Nowadays, information is generally processed and stored by means of information technology. Most business processes in your company today depend on functioning IT. The resulting risks must be identified and presented transparently. A professional information security management system (ISMS) is necessary to achieve a level of protection appropriate to the company.
This must be initiated by company management, practiced as a process throughout the company and embedded in company-wide security management.
For the implementation, execution, control and continuous optimization of such an information security management system (ISMS), we are guided by the ISO/IEC 27001:2015 standard.
Among other things, we support you in:
- the creation of corporate guidelines
- the creation of security guidelines
- the development of a security organization
- the execution of risk analyses
- the introduction of the necessary security processes, e.g. BCM & Incident Management
- the measurement of the efficiency of the ISMS
- the implementation of awareness measures
We are guided by international standards such as ISO/IEC 27001:2015 and take into account your specific compliance requirements and internal framework conditions.
Do your ISMS processes work? Are all requirements demanded by the standard covered? We support you with the following activities:
- As-is analysis of the ISMS
- Gap analysis (target-performance comparison)
- Closing all gaps
- Definition and processing of the weak points
- Determining the efficiency of the ISMS and the measures taken
Would you like to have your Information Security Management System certified according to ISO/IEC 27001:2015? We support you on the way there. Our ISMS lead auditors also work as external auditors for certification companies and bring the necessary know-how for a pre-qualification. We examine all areas as part of a pre-certification audit and support you in closing any gaps.
The multitude of different systems and facilities in today's buildings, complexes and areas requires a modern and holistic security concept. Recent experience and statistics have shown that the interaction of information technology, organization and property security still offers potential for optimization. We examine the various areas such as perimeter security, access control, video surveillance, intrusion detection and fire alarm technology and document the status quo. Based on this, we create a catalog of measures to protect against active and passive threats (human or technical failure, natural events, espionage, vandalism and sabotage). All this is done in close interaction with the company organization, information technology and data protection.