Successfully managing information security

Advantages at a glance
Why an ISMS is important
Nowadays, data is processed electronically in every organization. Sensitive information in particular must be protected against misuse, loss, disclosure, destruction and manipulation. In addition to personal data, this includes business and trade secrets. Legal requirements, such as those introduced by the NIS 2 Directive, and other compliance requirements must be observed.
Employees, citizens, customers, partners, suppliers and government bodies also demand optimal information security and risk management through security concepts. This is why a reliable and permanently functional ISMS is increasingly becoming an important success factor.

ISMS according to ISO/IEC 27001
International standard
In order to initiate, review and, above all, continually improve information security measures, the establishment of an ISMS based on the international standard ISO/IEC 27001 has proven its worth. The standard specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS. Because it shares the harmonized structure of the other ISO management system standards, it can be operated together with existing management systems, e.g. in accordance with ISO 14001 (environmental management), ISO 9001 (quality management) or ISO/IEC 20000 (IT service management).

It makes no difference to us whether your company or organization "only" wants to align with ISO/IEC 27001 or is aiming for certification, which requires the standard to be applied in full: we offer solutions tailored to your needs that give you a basis for actively managing your information security risks.
We support you in the introduction, operation and further development of an ISMS. Our proven process model is based on numerous successful projects and our best practices.
Our services include
- Design, implementation and optimization of ISMS - with and without certification
- Testing existing systems for certification readiness
- Conducting audits in accordance with ISO/IEC 27001 and IT baseline protection or a combination of the two
- Support with certification procedures

With our information security check in accordance with ISO/IEC 27001:2022, we offer customers who are aiming for, or already hold, certification in accordance with this standard both an assessment of their ISMS (the requirements of clauses 4 to 10) and a review of the implementation of the controls in Annex A (93 controls in the 2022 edition). We take a modular approach, so the two parts of the information security check can also be booked independently of each other.
The evaluation takes the form of a report using graphics and contains suggestions for measures to improve your security level.

Our basic information security analysis can be combined with a technical security analysis (penetration test) in order to uncover technical weaknesses as well as organizational improvement potential.

ISMS according to IT baseline protection
Methodology of the Federal Office for Information Security (BSI)
The German Federal Office for Information Security (BSI) has developed IT baseline protection (IT-Grundschutz) as a holistic approach to information security.
IT baseline protection makes it possible to identify and implement the necessary security measures through a systematic approach. Thanks to its modular system of building blocks, it remains flexible and can be individually adapted to any organization.
The BSI's IT baseline protection is compatible with the ISO/IEC 27001 standard and is therefore also recognized internationally.

We support you in every phase of setting up an ISMS according to IT baseline protection, for example with:
- Selection and delimitation of the information domain (the scope of the ISMS)
- Determination of the protection requirements
- IT baseline protection check (comparison of the requirements against the implemented measures)
- Risk analysis
- Definition of measures
- Implementation
The focus is on your individual security objectives. It is important to us to specifically define the needs of your organization in order to achieve an optimal and cost-efficient solution through the security concept.
Anyone who has the task of advancing the information security of their own institution is often faced with the challenge of taking the first step. This is why secunet has developed a security check based on the BSI's IS short audit (IS-Kurzrevision). It enables you to take a first, low-effort step towards a comprehensive overview of the current status of information security and supports you in the steps that follow.
Many ministries and subordinate authorities have already started working with us on the topic of ISMS.
The standardized methodology uses a uniform questionnaire derived from the requirements of IT baseline protection. The status of information security is assessed within two days by means of interviews and inspections of the premises. Audit topics can be expanded, adapted or deepened to reflect your specific requirements.

Security concepts are an essential basis for defining, prioritizing and implementing security requirements for systems or processes. They are therefore a crucial part of an ISMS. Not only IT assets are considered: a security concept sets security objectives for an environment that are derived from the risks and from the protection requirements of the information processed there. We then develop appropriate measures to achieve these objectives. A security concept can also cover only parts of the IT infrastructure.
We support you both in the creation of generalized security concepts for your entire IT landscape and in the development of detailed concepts for specific systems or applications. The basis for this is the IT baseline protection methodology of the BSI.

An ISMS can only work if employees are appropriately trained and sensitized to the topic of information security. To this end, we also conduct training courses and events such as our security awareness training for your selected target groups - whether for new or all employees, managers, administrators or IT specialists. We also offer the design and implementation of other awareness measures: Our tools range from awareness flyers and concepts to creative in-depth topics and live hacking shows.

Once the ISMS has reached an advanced level of maturity, you can continue to strive for certification in accordance with the ISO/IEC 27001 standard based on IT baseline protection. With this recognized certificate, you can prove that you have a functioning ISMS and thus have one of the most valuable security seals in Germany.
Our experienced consultants, accredited auditors and reviewers will support you in preparing for certification, and, if you wish, during the audit itself. If you are not sure whether you meet all the requirements for certification, we will check them in an internal pre-audit so that you enter the actual certification audit well prepared. If a full ISO/IEC 27001 certificate based on IT baseline protection is not your first goal, we also offer audits for the "entry-level" attestations with a one- or two-year term.

ISMS certifications in accordance with ISO/IEC 27001 on the basis of IT baseline protection are valid for up to three years, after which recertification is required. To ensure that your certification remains valid in the meantime, we support you with the annual surveillance audits. To this end, we help you at an early stage to plan and handle changes within the certified information domain and to rectify any deficiencies identified.

Send us an inquiry via the contact form. We will be happy to help.