ISO 27001 Certification for Information Security Systems (ISMS)
Top executives of organisations that operate an information security management system (ISMS) sleep more soundly: a well-designed ISMS not only protects IT systems, but also all information within the company, such as the often valuable expertise of employees. At a time when ISMS is becoming a legal requirement for more and more companies, such a system ensures maximum legal certainty and protects companies from damage to their image by minimising risk.
Information security is not only relevant for Critical Infrastructure Operators (KRITIS)
Hardly a week goes by without news of IT-based threats: NSA eavesdropping, electoral manipulation, ransomware, data theft, social engineering. This fuels the public debate about information security, and data protection does not concern critical infrastructures alone: almost every company, small or large, is affected.
Serious IT security gaps often arise due to external influences, such as technical vulnerabilities, but also frequently due to ignorant or careless employees. Only with a holistic approach can companies protect themselves as effectively as possible against such internal and external threats. An ISMS is the right solution here.
There are many approaches to integrating an effective ISMS, but only ISO/IEC 27001 is internationally recognised. The standard combines a proprietary risk analysis with specified technical and organisational measures. BSI Grundschutz is primarily intended for public authorities, but can also be used by companies. For almost all hazards and threats it specifies a separate risk analysis and corresponding measures for implementation. KRITIS operators can use any of the above systems and extend them with the specific requirements of their industry. If an industry-specific security standard (B3S) has been created for their industry, KRITIS operators should follow it. However, they can also use one of the above systems as the basis for their ISMS.
An ISMS is not a programme or process that you start and run through once a year. Rather, it is an omnipresent companion to each of your business processes. All employees, from the gatekeeper to the managing director, are involved. Training is often required for this – our GUTcert Academy therefore offers various seminars on the subject of IT security.
If you have any questions about the basic conditions for certification, the procedure during the audit or the added value of integrated certifications, the employees at our certification body are always available to assist you.
A penetration test, or pentest for short, is a procedure for checking potential security vulnerabilities in IT infrastructure, individual IT systems or (web) applications. It uses the same techniques and methods that potential attackers or hackers would use to illegally penetrate a system. Targeted attacks can be used to identify sensitivity to intrusion and manipulation attempts and potential vulnerabilities. As an important security check for IT systems of all sizes, it is particularly relevant for companies and is the perfect practical addition to ISO/IEC 27001.
The consequences of a poorly executed penetration test can be far-reaching; a pentest should therefore only be carried out by qualified IT experts. Our team at Berlin Cert is your competent partner for this!
The audit process with GUTcert was very smooth, and the professionalism of the auditor was outstanding. Our auditor was very helpful with his insights and comments on our ISMS and I would like to forward to you our management’s appreciation for his excellent work.
Peter Mansour, IDEALworks GmbH
[Translated with DeepL]
GUTcert guided us through the certification process in a swift and focussed manner. They always responded quickly and professionally to enquiries. As a result, our initial certification also ran smoothly.