Information Security

ISO/IEC 27001


Safe framework, personalized and customized design: 

The comprehensive framework of the certification standard ISO/IEC 27001 and the implementation guide ISO/IEC 27002 make it possible to establish an information security management system (ISMS) “from a single source”.

The structured process approach helps to avoid problems caused by gradual single actions. Security gaps are assessed and minimized systematically. Risk analysis shows the specific security needs of an organization, profitability being an important criteria for implementing measures.

From implementation ...

ISO/IEC 27001 specifies the requirements of an information security management system (ISMS). ISO/IEC 27002 contains further information and offers support for the implementation of an ISMS.

... to certification

ISO 27001 is the standard for information security that can also be certified, thus offering veritable competitive advantages and eliminating the need for costly individual verifications.

The standard allows organizations of any size and industry to implement, measure, control and internally audit information security for self-auditing. The review of the ISMS by an independent accredited organization such as CIS results in an ISO 27001 certification after the specified certification process.

Your advantages
  • Proven standard for protecting your intangible assets: analog and digital information
  • Framework for technical and organizational measures with effectiveness control as well as optimization loops
  • Highest protection of data and information
  • High availability of IT services

ISO 27001 deals with establishing and documenting an ISMS. ISO 27002 includes information on more than 100 security measures (controls).

The standard enables organizations of any size and sector to measure and control information security and to audit it internally for purposes of self-inspection.

Review of the ISMS performed by an independent accredited organization, such as CIS, will lead to ISO 27001 certification according to a defined certification process.

Focus certification

ISO 27001 certifications as a basis for further focus certifications

The ISO 27001 series of standards offers further sub-standards on the basis of which an ISO 27001 certification can be extended.

The latest highly relevant standard in this context is ISO/IEC 27701, which supplements ISO 27001 with the requirements of a data protection management system based on the General Data Protection Regulation.

The following can be mentioned as key certifications for which CIS is accredited

  • ISO/IEC 27701 – Data protection
  • ISO/IEC 27018 – Protection of personal data in clouds
  • ISO/IEC 27019 – Protection of process control systems in the energy industry
  • IT security catalog in accordance with §11 section 1a of the Energy Industry Act (Germany) based on IT security catalog for German EnWg

The International Organization for Standardization (ISO) and the International Accreditation Forum (IAF) have published a joint communiqué due to the climate crisis and its effects. These requirements are valid from February 23, 2024.

This communiqué lists changes that are intended to ensure that companies and organizations address these issues. These changes are anchored in the following chapters of the standard:

Chapter 4.1: 'The organization shall determine whether climate change is a relevant issue.'
Chapter 4.2: 'NOTE: Relevant interested parties can have requirements related to climate change.

Revison 2022

In October 2022, the revision of ISO 27001:2022 was published.

Here you will also find a compact overview of the innovations and deadlines (in German language). If you have any questions about the transition period and changes, we will be happy to assist you. Please don't hesitate to contact us!

All our training courses on the subject of information security or ISO 27001 and ISO 27002 already take into account the new requirements of the 2022 revision.


We are pleased that you are interested in our services. We gladly provide you with free and non-binding information and therefore kindly ask you for the following information:

Error: Contact form not found.

We look
forward to
hearing from

Write to us!

Do you have specific inquiries about the CIS service portfolio? Our experts will be happy to provide you with advice and support at any time!

Our experts for this area

Impartial. Competent. Trustworthy.


Portraitfoto Robert Jamnik

Mr. Robert Jamnik

Head of Audit Services, Lead Auditor ISO 20000, ISO 27001 and NISV

+43 1 532 98 90