ISO 27001 Certification for Information Security Systems (ISMS)

Information security is not only relevant for Critical Infrastructure Operators (KRITIS)

What is information security and do you need to know about ISO 27001?

NSA eavesdropping, electoral manipulation, ransomware, data theft, social engineering and much more fuel the public discourse on information security. And data protection does not only concern critical infrastructures - almost every small or large company is affected.

Serious IT security gaps are often caused not only by external influences, but also by ignorant or careless employees. Only with a holistic approach can companies protect themselves against such internal and external dangers in the best possible way. An information security management system (ISMS) is the right solution here. Accordingly, there are many approaches how to implement an effective ISMS - but only ISO 27001 is internationally recognised.

An ISMS is not a program you can turn on or a process you go through once a year. Rather, it is an omnipresent companion of every process in the company. All employees, from the doorman to the managing director, are in demand here. Training is often necessary - our GUTcert Academy offers various seminars on IT security.

Advantage of an ISMS: It protects not only your IT systems but also all information within the company, such as employee knowledge etc.

If you have any questions about the basic conditions of a certification, the procedure during the audit or the added value of integrated certifications, the employees of our certification body are always there for you.

ISO/IEC 27001 is particularly suitable for companies in which sensitive data and information is processed by individuals or companies. As a strategic tool, an information security management system can be used in all companies that process data or have information worthy of protection (in electronic or paper form). More information about ISO 27001 can be found here.

Critical infrastructure operators are those who provide essential services without which the general public could not be supported. Since July 25, 2015,  in accordance withthe IT Security Act, these have to prove an effective protection of their systems by implementation of an ISMS.