Project
1&1 De-Mail GmbH

Development of a certifiable information security management system (ISMS) according to ISO/IEC 27001 and BSI Standard 100-2

1&1 De-Mail GmbH (1&1) is a wholly owned subsidiary of 1&1 Mail & Media GmbH with the purpose of providing all De-Mail mailboxes offered by the United Internet AG group of companies. These include the familiar mailboxes @web.de and @gmx.de. The De-Mail standard provides a secure infrastructure for digital communication which may only be offered by accredited De-Mail service providers (DMDA).

In 2011, secunet was commissioned to support 1&1 De-Mail GmbH in its accreditation as a DMDA by setting up an information security management system (ISMS) in accordance with ISO/IEC 27001 and BSI Standard 100-2.

This included:

- setting up an ISMS in accordance with BSI IT-Grundschutz based on ISO/IEC 27001 in the group (company requirement);
- setting up a data protection organization and a management system at 1&1 Mail & Media GmbH and, in the course of the project, at the newly founded 1&1 De-Mail GmbH;
- setting up the security organization at 1&1 Mail & Media GmbH and, in the course of the project, at 1&1 De-Mail GmbH;
- drawing up a security concept in accordance with Technical Guideline TR 01201.

Throughout the project, secunet took over representation vis-à-vis external auditors and the supervisory authorities BSI and BfDI. The management system has since been migrated from BSI Standard 100-2 (IT-Grundschutz) to the international standard ISO/IEC 27001 due to group requirements.

During the course of the assignment, further requirements arose from changes in the law, such as the implementation of the EU's eIDAS regulation and the conversion of the data protection management system to the General Data Protection Regulation (GDPR). These tasks, as well as a separate ISMS project for the certification of the European netID Foundation according to ISO/IEC 27001, were accompanied by secunet, just like the original accreditation project.

With secunet's consulting services, the successful initial accreditation as DMDA took place at CeBIT 2012. To maintain accreditation as a DMDA, proof must be provided regularly, or in the event of significant changes, that the prescribed requirements continue to be met. secunet supports 1&1 in complying with the requirements in accordance with the law and accompanies the annual external audits and certifications for reaccreditation (De-Mail and eIDAS). In this context, secunet works closely with the supervisory authorities BSI and BfDI and acts as a certified trust service provider in accordance with the eIDAS regulation. Since the accreditation, secunet has been deployed as security officer and information security manager of De-Mail and also acts as consultant for De-Mail GmbH on new strategic topics such as BSI TR 03108, eIDAS or the IT Security Act.
