DIN EN ISO 27001:2017
IT Safety Catalogue acc. to §11 Abs. 1a German EnWG
Your data deserve certified protection!
Today, the processes in an enterprise depend heavily on information technology systems. Errors in these systems often have far-reaching effects on the functioning and reliability of business-critical procedures, regardless of whether they are caused by software mistakes, hackers, or targeted attacks such as encryption trojans. At the same time, information in the enterprise is processed by different departments or by external online services (keyword “cloud”). In all these places, sensitive information such as contracts, patents, business reports, or personal data must be protected with regard to confidentiality, integrity, and availability.
ISO/IEC 27001:2017 is the internationally leading standard describing the implementation and maintenance of a suitable information security management system (“ISMS”). The core of this system is a central risk management process in which all analyses of the threat situation are linked to suitable countermeasures. As a guideline, ISO/IEC 27001:2017 provides a series of aspects to be considered, e.g. the establishment of suitable patch management, raising the awareness of employees, or the review of physical security. On the basis of the German Energy Industry Act (EnWG), operators of energy supply networks have already been requested to establish an efficient information security management system and to prove this through a recognized certification body. In this case, in addition to DIN EN ISO 27001:2017, the IT safety catalogue according to §11 Abs. 1a German EnWG (“Sikat”) applies. It describes the minimum scope of the review as well as the technical requirements for the special environment in this area of “critical infrastructures”.
- Access to sectors and customers that have already made ISO/IEC 27001:2017 their standard
- Minimization of risks through identification and control within risk management
- Avoidance of damage to reputation and image through early detection of threats
- Fulfillment of legal and contractual requirements by means of a certificate, instead of having to demonstrate each individual detailed requirement of the customer
- Raising employees' awareness of the importance and protection of the information entrusted to them
- Efficient and structured response in case of security incidents
- Partner-like cooperation
- High professional competence
- Cooperation and confidentiality
- Many years of professional and auditing experience
- High qualifications due to permanent education and training
- Internationally recognized competences
According to our motto “audits with competence and passion”