ISO 27001
THE standard for information security: a secure framework, individually designed
The comprehensive framework of the ISO/IEC 27001 certification standard and the ISO/IEC 27002 practical guide enable the introduction of an information security management system (ISMS) from a single source. The structured process approach avoids problems that can arise from the implementation of individual measures. Security gaps are systematically assessed and minimised. The risk analysis shows the individual security requirements of an organisation, with cost-effectiveness being a key criterion for the implementation of measures.
From implementation …
ISO/IEC 27001 specifies the requirements of an information security management system (ISMS). ISO/IEC 27002 contains further information and offers support for the implementation of an ISMS.
… for certification
ISO 27001 is the standard for information security that can also be certified and thus offers veritable competitive advantages and eliminates the need for time-consuming individual verifications.
The standard allows organisations of all sizes and industries to implement, measure, control and internally audit information security for self-assessment. The review of the ISMS by an independent accredited organisation such as CIS results in ISO 27001 certification following the specified certification process.

Your advantages with ISO 27001
- Proven standard for protecting your intangible assets: analogue and digital information
- Framework for technical and organisational measures with effectiveness monitoring and optimisation loops
- Highest level of data and information protection
- High availability of IT services
Certification
ISO 27001 deals with the introduction and documentation of an ISMS. ISO 27002 contains information on more than 100 security measures (controls).
The review of the ISMS by an independent accredited organisation such as CIS leads to ISO 27001 certification in accordance with the specified certification process. Information on the project phases and the certification process can be found here.
ISO 27001 certifications as a basis for further specialised certifications
The ISO 27001 series of standards offers further sub-standards on the basis of which an ISO 27001 certification can be extended.
The most recent standard of particular relevance in this context is ISO/IEC 27701, which supplements ISO 27001 with the requirements of a data protection management system based on the General Data Protection Regulation.
Focus certifications for which CIS is accredited:
- ISO/IEC 27701 – Data protection management
- ISO/IEC 27017/18 – Cloud Security
- ISO/IEC 27019 – Protection of process control systems in energy supply
- IT security catalogue in accordance with Section 11 (1a) of the Energy Industry Act (DE)
Training and further education
Expertise at first hand
The CIS training courses provide in-depth specialist knowledge “directly from the certification partner” and cover key standard content, its interpretation and application as well as legal principles and psychology. Know how! Implement, operate and optimise management systems effectively, audit in a targeted manner and communicate effectively. By the way: all training courses can also be booked in-house. Write to us – we will be happy to help you.
Information Security Manager
As a graduate of this training programme, you will be familiar with the processes and standard requirements for implementing ISO 27001 and ISO 27002 and will be able to apply these in practice. You will be familiar with the laws and regulations relevant to information security and have the tools to be a competent contact for legal advisors. You will also know how to form, lead and motivate teams and be able to successfully implement projects.
Armed for the future
Building on the Manager programme, we also offer a course for auditors. Business continuity management, NIS-2 management training, hacking labs and other specialised products will make you fit for the future of cybersecurity in your company.
New standards 2024
The International Organisation for Standardisation (ISO) and the International Accreditation Forum (IAF) have published a joint communiqué in response to the climate crisis and its effects. These requirements have been valid since 23 February 2024.
This communiqué sets out changes to ensure that companies and organisations address these issues. These changes are anchored in the following chapters of the standard:
Chapter 4.1: ‘The organisation shall determine whether climate change is a relevant topic.’
Original text: ‘The organisation shall determine whether climate change is a relevant issue.’
Chapter 4.2: ‘Note: Relevant interested parties may have requirements related to climate change.’
Original text: ‘NOTE: Relevant interested parties can have requirements related to climate change.’