A modular system for protection of sensitive data
Advantages at a glance
With many years of experience, our IT security consultants, accredited auditors and auditors support you in achieving your specific security goals.
Our brief revision gives you a comprehensive overview of the current status of your information security and supports you in the next steps.
We enable certification according to ISO/IEC 27001 on the basis of IT-Grundschutz. With this recognized certificate, you can prove a functioning ISMS and thus have one of the most valuable security seals in Germany.
An ISMS can only function if employees are appropriately sensitized to information security. For this purpose, we also conduct trainings as well as events for your selected target groups.
ISMS according to IT-Grundschutz (IT baseline protection) of the BSI
Nowadays, data is processed electronically in almost every organization. Sensitive information in particular requires special protection. Legal requirements, for example in the handling of personnel data, or compliance requirements must often be observed.
That is why a reliable and permanently functioning ISMS is increasingly becoming an important success factor. It is not just valuable government and corporate data that is at stake: Citizens, customers, partners, suppliers and government bodies also demand optimal data protection and early risk detection through security concepts. The German Federal Office for Information Security (BSI) developed the IT-Grundschutz for this purpose.
That is why a reliable and permanently functioning ISMS is increasingly becoming an important success factor. This is not only about valuable public authority and company data: Citizens, customers, partners, suppliers and government bodies also demand optimal data protection and early risk detection through security concepts. The Federal Office for Information Security (BSI) has developed the IT-Grundschutz for this purpose.
IT-Grundschutz makes it possible to identify and implement necessary security measures through a systematic approach. At the same time, it remains flexible due to its modular system and can be individually adapted to each organisation.
BSI's IT-Grundschutz is compatible with the ISO/IEC 27001 standard and is therefore also enjoys an international reputation.
We support you in every phase of the set-up process - for example:
- Selection and delimitation of the IT network
- Determination of the need for protection
- Risk analysis
- Definition of measures
It is important to us to specifically determine the needs of your organisation in order to achieve an optimal and cost-efficient solution through the security concept. Therefore, we use our many years of experience to support you in achieving your individual security goals.
ISMS according to ISO 27001
Information Security Management according to ISO/IEC 27001:2022
In every company or organization, there is information that must be protected against misuse, loss, disclosure, destruction and manipulation. In addition to personal data, this also includes business and trade secrets. The confidentiality, availability and integrity of this information is also of particular importance in the interests of customers, business partners and employees.
For more and more companies and organizations, information security has therefore become an integral part of business policy and an indispensable success factor.
The international standard ISO/IEC 27001:2022
In order to initiate, implement, monitor, review and, above all, improve information security measures, establishing an ISMS based on the international standard ISO/IEC 27001:2022 is a proven option. This management system can be operated together with already existing management systems, e.g. according to ISO 14001, ISO 9001 or ISO/IEC 20000, and make information security measurable and comparable in a later expansion stage.
With us as your partner: Go from being driven to being driven
For us, it is irrelevant whether your company or organization "only" wants to follow the ISO/IEC 27001:2022 standard or whether you are aiming for corporate certification and thus strict application of the standard: We offer solutions tailored to your needs that provide you with a foundation for actively managing information security risks.
Our basic analysis of information security, for example, provides you with an inventory of the current level of security. Guided interviews are used to examine the topics of organization, risk management, emergency management, employee awareness, physical security, IT service management, IT security and compliance.
The evaluation takes the form of a report using graphs and includes suggested measures for improving your security level.
In order to uncover technical weaknesses in addition to organizational improvement potential, our basic information security analysis can be combined with a technical security analysis (penetration test).
Information security check
With our information security check according to ISO/IEC 27001:2022, we offer customers who are seeking or already have corporate certification according to this standard both an evaluation of their ISMS and a review of the implementation of the action objectives and measures from Annex A. We take a modular approach so that we can identify potential for organizational improvement as well as technical vulnerabilities (penetration test). We take a modular approach so that we can offer you both parts of the information security check independently of each other and also individually if required.
Details on beneficial aspects of the ISMS
Anyone who has the task of advancing their own institution's information security often faces the challenge of taking the first step. That's why secunet has developed a security check based on the BSI's brief revision. This enables you to take the first, effortless step of gaining a comprehensive overview of the current status of information security and supports you in proceeding further.
Many ministries and subordinate authorities have already entered the subject of ISMS together with us. The standardized methodology is based on a uniform catalog of questions based on the requirements of IT-Grundschutz. The status of information security is assessed in two days in the form of interviews and site inspections. Audit topics can be expanded, adapted or deepened to meet your specific requirements.
No special prerequisites are necessary for the brief revision - a security concept or a fully implemented security management system do not yet have to be in place. According to the BSI building block model (formerly layer model), all areas of your organization are considered.
Due to the high standardization of the contents and the process, results can be compared in repeated audits. In a final audit report, we not only present the safety deficiencies, but also already provide recommendations for measures that can be implemented quickly and effectively.
When the ISMS has reached an advanced level of maturity, you can continue to strive for certification in accordance with the ISO/IEC 27001 standard based on IT-Grundschutz. With this recognized certificate, you can demonstrate a functioning ISMS and thus have one of the most valuable security seals in Germany. In this way, you show citizens, customers and business partners that you attach great importance to IT security. You benefit from a sustainable, high level of security that protects against current threats and minimizes the resulting risks.
Our experienced consultants, accredited auditors and auditors will support you in preparing for certification - if desired, also during the audit itself. If you are not sure whether you meet all the requirements for certification, we will check them as part of an internal pre-audit. This way you are successfully prepared for the actual certification. If you do not need an ISO/IEC 27001 certificate based on IT-Grundschutz in the first step, we also offer audits to acquire "beginner" certificates with a one or two-year term.
ISO/IEC 27001 certifications based on IT-Grundschutz have a term of up to three years. After that, re-certification takes place. To ensure that you continue to be certified, we support you during the annual surveillance audits. For this purpose, we accompany you at an early stage in the planning and handling of changes in the certification network and support you in eliminating identified deficiencies.
An ISMS can only function if employees are appropriately trained or sensitized to the topic of information security. To this end, we also conduct training courses and events for your selected target groups - whether for new or all employees, managers, administrators or IT specialists. In addition, we offer the conception and implementation of further awareness measures: Our tools range from awareness flyers and concepts to creative topic immersion and live hacking shows.
Security concepts are an essential basis for defining, prioritizing and implementing security requirements for systems or processes. Thus, they are a crucial part of an ISMS. Not only IT-based values are considered: A security concept sets security goals for an environment, which are derived from the risks and the protection needs of the information. We then develop appropriate measures to achieve these goals. A security concept can also cover only parts of the IT infrastructure.
We support you both in the creation of generalized security concepts for your entire IT landscape and in the development of system- or application-specific detailed concepts. The basis for this is the IT-Grundschutz methodology of the BSI.
Send us an inquiry via the contact form. We will be happy to help.