Our Services for ISO 27001 and TISAX® Certification

We support companies from all industries with their certification and with the recurring tasks that follow from it. We offer needs-based assistance in establishing secure management systems, processes, and IT infrastructure.

Services at a Glance

The ISMS Solution is our comprehensive package for company certification. We implement a quickly deployable ISMS at a fixed price and tailor it entirely to your company.
Adjustments and corrections are part of a healthy ISMS. Changes in your company lead to corresponding changes in your ISMS: new projects or products, for example, alter internal processes and the risks the company faces. We help plan and implement these changes so that your management system adapts flexibly to new requirements and remains in conformity with the standards.

What we do for you:

  • Risk assessments that support a consistent evaluation of risks
  • Efficient treatment of risks according to established priorities
  • Support in planning effective and cost-efficient measures against risks
  • Consultation on, review of, and implementation of changes
  • Conveying the importance of information security to your employees and motivating them to contribute further improvements
In the risk assessment, we record the relevant assets and evaluate their protection needs. Identifying the threats relevant to each asset allows you, with our help, to plan and take appropriate measures that reduce the expected damage.

Relevant assets can include:

  • Locations and business premises
  • Individual items or classes of similar items
  • Virtual IT systems and individual projects hosted on shared systems
  • Processes and policies
  • Information requiring protection
  • External services

Each asset is assigned a damage potential for the case of an information security breach. For assets whose damage potential is business-relevant or threatening to the company, a detailed recording follows of the individual risks, the degree to which each information security objective (confidentiality, integrity, availability) would be violated, and the likelihood of occurrence. This makes it possible to identify the most relevant threats for each asset.

In the gap analysis, our auditors conduct a conformity assessment of your company in order to estimate the effort required for implementation.

The measures specified by the standard are considered in the context of the company to determine whether each one is applicable to the company's area of activity and structure.

Similar to an internal audit, we evaluate together with you to what extent these measures are already met and what further effort needs to be planned.

What we do for you:

  • Identification of relevant business processes
  • Definition of the certification scope
  • Assessment of the current state
  • Planning of adjustments
  • Estimation of implementation efforts
With the internal audit, we enable you to assess your company's conformity with the standards. As preparation for a certification audit and for the subsequent annual surveillance audits and recertification audits, it gives you the assurance that non-conformities are found and rectified before the certifier sees them. This way, you reduce the risk of surprises during the certification audit.

Since our internal auditors work for your company rather than for a certification body, the internal audit can also concentrate on specific aspects you want examined in detail.

An annual internal audit is intended as part of the ongoing operation of a management system, to confirm continued conformity with the standards and the continued suitability of the management system itself.

Tasks:

  • Assessment of the current state and of certifiability
  • Interviews with management and departments
  • Inspection of company locations to recognize and evaluate on-site practices and specifics
  • Identification of non-conformities
  • Rehearsal for the certification audit
  • Preparation of your employees for the audit
An Information Security Officer (ISO), or a Chief Information Security Officer (CISO), considers IT-related risks and is responsible for information security across all areas of the company. The ISO monitors the implementation of measures within the ISMS, acts as the direct contact for all ISMS-related questions, and relieves management of that part of their role.

What we do for you:

  • Monitoring the implementation of necessary measures
  • Incident management
  • Emergency preparedness and business continuity planning
  • Employee training and awareness
  • Consultation on current issues and change requests
  • Reviewing policies in light of current legal developments
  • Coordination with data protection officers and classified information officers
  • Organizing the regular activities of the ISMS (management reviews, audits, risk reviews)

How do we proceed?

Our approach is tailored to the needs of our clients and to the role we play in their certification process. In general, however, our involvement follows this procedure:

TISAX® is a registered trademark of the ENX Association. 3einhalb GmbH has no business relationship with ENX.