ISO/IEC 27001 follow-up audit prepares for new IT organization

Futura Solutions started the new year with the first surveillance audit after the ISO recertification in 2019 by TÜV Saarland. In addition to the monitoring of the information security management system (ISMS), important intersections with new approaches to IT organization were also addressed, which Futura Solutions will pursue in 2020. The so-called DevOps method, which aims at closer cooperation and integration of software development and IT operations, will play a major role.

Information security requires a holistic approach. As a provider of cloud-based solutions at the same time as an IT service provider, the responsibility regarding the topic of information security plays a major role for Futura Solutions. The conscious decision to subject the entire company, including the organization, i.e., all applications and processes required for the development and operation of the FUTURA cloud solution, to the ISO certification is an important step in this direction. The annual audits for ISO/IEC 27001 certification have the task of monitoring the further developments around the core, the information security management system (ISMS).

Information security perspective

"IT security is only one aspect of cloud computing. The impetus for closer integration of the development and IT operations teams – and thus the use of new platforms and technical processes in our IT organization - is just as important," emphasizes Hartmut Schwadtke (pictured 2nd from right), Managing Director at Futura Solutions. In the future, so-called DevOps will bring development and IT operations teams closer together, among other things. DevOps is an artificial word made up of "Dev", which represents the software developers, and "Ops", which stands for IT operations.

"The DevOps approach helps to ensure a sustainably high level of software quality, rapid and regular development of new releases, and optimal collaboration between all stakeholders in the project," confirms Markus Frank (pictured, 3rd from right), Head of IT Infrastructure Cloud since August 2019 and responsible for the transformation program. "We are in the process of laying the technical foundations for this. And of course it is a matter of following the ISO principle in this area as well, e.g., in the establishment of the associated, additional control measures such as security and function validation of program code, access protection, guidelines or training."

High level of security and risk management

"We must acknowledge that Futura Solutions has kept up the level persistently and broadly since the initial certification," confirms Holger Bohne, principal auditor at TÜV Saarland. "In view of the threat situation, in which IT service providers are increasingly becoming the subject of targeted attacks to hit companies, this is particularly noteworthy."

Consultants from DEUDAT GmbH, external data protection officers for Futura Solutions, also accompany the regular internal audits. The initial certification took place in 2015. The second surveillance audit will take place in one year; the next recertification is due in 2021.

f.r.t.l.: Holger Bohne (Auditor TÜV Saarland), Hartmut Schwadtke (Managing Director Futura Solutions), Markus Frank (IT Manager Futura Solutions), Michael Kastak (DEUDAT)