Glossary

ISO 27001

Information Security Management System (ISMS)

Definition

ISO/IEC 27001 deals with the implementation and operation of an Information Security Management System (ISMS). Within this framework, it verifies whether common aspects of information security have been considered at both organizational and technical levels. Additionally, it requires the regular conduct of individual risk assessments to cover specific aspects of information security within a company.

Advantages

With successful ISO 27001 certification, you can demonstrate to your customers that you actively protect entrusted data and tasks from potential risks.

Exploring new business opportunities that require ISO 27001 certification
Maintaining customer relationships with companies that exclusively collaborate with certified entities
High trust from customers in the business relationship
Positive differentiation from your competitors
Active protection against potential risks

Technical & organizational measures

Development and communication of information security policies
Management of information security incidents
Preparation for maintaining information security
Seperation of duties and verifiability of activities
Integration of information security into individual projects and development
Secure handling of devices and data carriers outside of your business premises
Contractual agreements of responsibilities and corresponding regular training

Inventorying sensitive information and valuables
Administration of users and user rights, as well as secure identification of users in IT systems
Use of encryption technology and communication security
Physical security of your business premises and the information and devices within
Documentation, control, and logging of operational processes
Consideration of suppliers and service providers