Our Services for ISO 27001 and TISAX® Certification
We support companies from all industries with their certification and the recurring tasks that result from it. We offer needs-based assistance in establishing secure management systems, processes, and IT infrastructure.
Services at a Glance
What we do for you:
- Risk assessments to support a consistent evaluation of risks
- Efficient handling of risks according to established priorities
- Support in planning effective and cost-efficient measures against risks
- Consultation, review, and implementation of changes
- Emphasizing the importance of information security within your company to your employees, motivating them to contribute further improvements
Relevant assets can include:
- Locations and business premises
- Items or classes of similar items
- Virtual IT systems and individual projects in shared systems
- Processes and policies
- Protective information
- External services
Each of these assets is assigned a damage potential for the case of an information security breach. For assets whose damage potential is business-relevant or threatening, the risks, the degree to which information security goals would be violated, and the likelihood of occurrence are then recorded in detail. This makes it possible to identify the most relevant threats for each asset.
The measures specified by the standard are considered in the context of the company to assess whether they are applicable to the company’s area of activity and structure.
Similar to an internal audit, we evaluate with you the extent to which these measures are already met and what further efforts need to be planned.
What we do for you:
- Identification of relevant business processes
- Definition of the certification scope
- Assessment of the current state
- Planning of adjustments
- Estimation of implementation efforts
Since our internal auditors are committed to your company rather than a certifier, the internal audit can also focus on specific aspects for detailed examination.
An annual internal audit is intended as part of the ongoing operation of a management system, to ensure that the standards are complied with and remain appropriate.
Tasks:
- Assessment of the current state and certifiability
- Interviews with management and departments
- Inspection of company locations to recognize and evaluate on-site practices and specifics
- Identification of deviations
- Rehearsal for the certification audit
- Preparation of your employees
What we do for you:
- Monitoring the implementation of necessary measures
- Incident management
- Emergency preparedness
- Employee training and awareness
- Consultation on current issues and change requests
- Reviewing policies in light of current legal developments
- Coordination with data protection officers and classified information officers
- Organizing regular activities related to information security
How do we proceed?
Our approach is tailored to the needs of our clients and the role we play in their certification processes. However, our involvement generally follows this procedure:
- Kick-Off
- Analysis
- Consulting / Implementation
- Certificate
TISAX® is a registered trademark of the ENX Association. 3einhalb GmbH has no business relationship with ENX.