With a certification according to a recognized IT standard, a company can prove publicly and beyond any doubt that it places a high priority on information security. A certificate is issued by an accredited examination center if, in the judgment of an independent auditor, the minimum requirements of the standard have been met.
ISO 27001, and especially ISO 27001 based on the BSI's IT-Grundschutz, describes meaningful measures that make a company considerably more robust against threats to its information security. We recommend that all IT managers take a look at the BSI's IT-Grundschutz Compendium, because its more than 700 pages contain concrete measures for many questions of information security.
For small and medium-sized enterprises, full implementation of the standards is often difficult or even impossible. The documentation requirements and the associated effort also often lead to a strong rejection of the standards. As independent consultants, we offer assistance so that the really important measures can nevertheless be implemented. In doing so, we strive to achieve a level of protection that meets your needs and is appropriate for your threat situation.
Large companies regularly conduct audits to find out whether the required measures are still being implemented by the organization. We also consider this approach useful for small and medium-sized companies. Regular annual inspections of the company and an inspection of specific operational procedures hold those responsible accountable and motivate the workforce to strengthen information security.
An on-site visit, together with an IT officer, provides our experts with the opportunity for a representative survey of the current situation. A large number of questions can be clarified directly with the employees on the following topics:
Holger Schmeken
MSc Business Informatics (Diploma at University of Münster)
IT-Security Auditor (TÜV)
Has more than 20 years of experience in general IT consulting, software development and business management. For the past 2 years, he has worked intensively on information security consulting and the auditing / revision of ISMS.
Formulates rules for the management level to implement an information security management system:
This is substantiated in Annex A with a selection of objectives and measures (good practice) on the following topics:
The Federal Office for Information Security (BSI) has thoroughly revised the IT-Grundschutz with the BSI standards 200-1 to 200-3: