With digital progress, many opportunities for growth and efficiency have emerged – at the same time, system vulnerabilities of companies and clients are growing due to their increased interconnection. The implementation of ISO/IEC 27001 actively helps to protect corporate values, reduce risks in the domain of information and data security, and improve system availability.
A key aspect of ISO/IEC 27001 is the anticipatory identification of IT risks, their assessment and the implementation of appropriate measures to reduce threats. In addition to technical topics, it also covers organizational, physical and personnel issues, such as employee awareness and competence.
The core element is the introduction of an information security management system (ISMS). This means a comprehensive, integrated and standardized management system – with specified rules and processes whose purpose is to define, direct, control, preserve and continuously optimize information security within the company. It is a continuous process based on the plan-do-check-act method: effectiveness must be reviewed on a regular basis by means of appropriate monitoring measures, and changes affecting the scope of application must be taken into account. If new risks are detected, a further process cycle is necessary.
The declaration of applicability, i.e. the definition of the areas that are to be covered by the certification, determines the complexity and the amount of work involved in the ISMS. We have opted for the maximum scope of application. Not only parts, but the entire company is subject to the certification requirements. Our organizational and conceptual departments as well as development, quality assurance and the operation of the FUTURA-cloud are all ISO-certified. Our ISMS is managed and fully supported by our executive board, on a “remarkably high level”, as the current audit by TÜV Saarland has pointed out.
TÜV Saarland is accredited by the DAkkS (German accreditation body) and has the authority to certify information security management systems as per ISO/IEC 27001.
The DAkkS is the national accreditation body of the Federal Republic of Germany and offers one-stop accreditations for all areas of conformity assessment. The process of accreditation builds trust in certificate conclusions, audit reports and inspections and also promotes their worldwide recognition and comparability. With its accreditation, the DAkkS confirms that the accredited body is fulfilling its tasks expertly and according to applicable regulations. In short: the DAkkS audits the auditors.