Information Security Management as part of the security concept
Digitalisation offers not only opportunities, but also risks that can disrupt or even bring business operations to a standstill.
Whether it's data theft, ransomware or social engineering, cybercriminals' methods are becoming increasingly sophisticated and the requirements for warding off attacks are becoming ever more challenging.
A continuously maintained information security management system helps you minimise misuse of information and ensure compliance with legal requirements – thereby gaining the trust of your customers and partners in the following areas:
Confidentiality: Only authorised persons can read or view confidential information.
Integrity: Unauthorised access to or deletion of information is prevented.
Availability: Required information is available to authorised persons at all times.
Certification is recommended for organisations that handle sensitive information or want to enjoy an advantage in tenders. In some industries, certification is required by law, e.g. for operators of critical infrastructures.
Benefits of Certification
Continuity of Business Operations
Intellectual property, financial and customer data are protected against unauthorised access, loss or manipulation, ensuring smooth business operations.
Cost Reduction
By systematically identifying and assessing risks, security incidents can be prevented with appropriate measures – saving long-term costs for business interruptions, repairs and compensation.
Competitive Advantage
A certified safety management system helps to comply with relevant laws and regulations – customers and business partners appreciate improved legal certainty.
Facts and information
The standard combines its own risk analysis with specified measures (Annex A).
It follows the High Level Structure (HLS) and can therefore be easily combined with other ISO management systems, e.g. ISO 9001, ISO 50001, ISO 45001, etc.
Annex A is an integral part of ISO 27000. It is a collection of at least 93 specific information security controls.
The list is structured into organisational measures, measures for employees, physical and technical measures, and can be expanded as needed. Individual measures can also be excluded if justified.
SoA is a mandatory document for certification and part of the certificate.
It is a detailed list of all controls from Annex A of ISO 27001, with justification and use of all measures that must be checked, supplemented and excluded, including implementation status.
GUTcert was a competent, fair and reliable partner at all times during the certification of our ISMS according to ISO 27001 and accompanied us with valuable tips and recommendations on the way from the pre-audit through Stage 1 to the successful certification audit.
Mario Konietzny, Stadtwerke Lutherstadt Eisleben GmbH
[Translated with DeepL]
The audit process with GUTcerts was very smooth, and the professionality of the auditor was outstanding. Our Auditor was very helpful with his insights and comments on our ISMS and I would like to forward to you our management’s appreciation for his excellent work.
Peter Mansour, IDEALworks GmbH
[Translated with DeepL]
GUTcert guided us through the certification process in a swift and focussed manner. They always responded quickly and professionally to enquiries. As a result, our initial certification also ran smoothly.
Jan Hotzel, Vision2B GmbH
[Translated with DeepL]
There are no items matching your search.
Further services
Integrated MS
With an integrated management system, you save valuable time, human resources and, last but not least, costs
