Certification of Information Security Management Systems (ISMS)

Top managers of organizations that operate an information security management system (ISMS) sleep more soundly: a well-established ISMS protects not only IT systems but all information within the company, such as the often valuable pool of employee knowledge. At a time when an ISMS is becoming a legal requirement for more and more companies, such a system ensures the greatest possible legal certainty and protects companies from loss of image by minimizing risk.

Certifications according to ISO 27001 are carried out by our parent company GUTcert.

Relevant for every company

Hardly a week goes by without news about IT-based threats, such as the NSA wiretapping affair, election manipulation, ransomware, data theft or social engineering. This is fueling the public discourse on information security - and it is not only for large companies that secure and accurate data is of vital importance.

Serious IT security breaches are often caused by external influences, such as technical vulnerabilities, but frequently also by ignorant or careless employees. Only with a holistic approach can companies protect themselves in the best possible way against such internal and external dangers. An ISMS is the right solution here.

There are many approaches to integrating an effective ISMS - but only ISO/IEC 27001 is internationally recognized. The standard combines a separate risk analysis with specified technical and organizational measures. BSI Basic Protection is primarily intended for public authorities, but can also be used for companies. For almost all hazards and threats, a separate risk analysis and corresponding measures for implementation are specified. KRITIS operators can use any of the aforementioned systems and extend the specific requirements from their industry. If an industry-specific security standard (B3S) has been created for their industry, KRITIS operators should follow it. However, you can also use one of the aforementioned systems as the basis for your ISMS.

An ISMS is not a program or process that you start and run through once a year. Rather, it is an omnipresent companion to each of your enterprise processes. All employees, from the gatekeeper to the general manager, are required to use it. Training is often required for this - the GUTcert Academy therefore offers various seminars on the subject of IT security.

If you have questions about the framework conditions of a certification, the procedure during the audit or the added value of integrated certifications, the employees of GUTcert are always there for you.