Secure framework, individual design:
Together, the certification standard ISO/IEC 27001 and its implementation guidance ISO/IEC 27002 provide a comprehensive framework for establishing an information security management system (ISMS) "from a single source".
The structured, process-based approach helps to avoid the gaps left by isolated, piecemeal measures: security weaknesses are assessed and reduced systematically. A risk analysis identifies the specific protection needs of the organization, with cost-effectiveness as an important criterion for selecting measures.
From implementation ...
ISO/IEC 27001 specifies the requirements for an information security management system (ISMS). ISO/IEC 27002 provides further information and guidance for implementing the ISMS.
... to certification
ISO/IEC 27001 is the information security standard against which an organization can also be certified; certification offers genuine competitive advantages and spares the organization costly individual verifications by customers and partners.
The standard allows organizations of any size and industry to implement, measure, control and internally audit their information security. Review of the ISMS by an independent accredited body such as CIS leads to ISO 27001 certification once the defined certification process has been completed.
- Proven standard for protecting your intangible assets: analog and digital information
- Framework for technical and organizational measures with effectiveness control as well as optimization loops
- High level of protection for data and information
- High availability of IT services
ISO/IEC 27001 deals with establishing and documenting the ISMS. ISO/IEC 27002 describes more than 100 security measures (controls) that the organization can select and implement on the basis of its risk assessment.
ISO 27001 certification as a basis for further specialized certifications
The ISO/IEC 27000 family contains further standards on the basis of which an ISO 27001 certification can be extended.
The most recent and highly relevant standard in this context is ISO/IEC 27701, which extends ISO/IEC 27001 and 27002 with requirements for a privacy information management system (PIMS) and includes a mapping to the General Data Protection Regulation (GDPR).
Key certifications for which CIS is accredited include:
- ISO/IEC 27701 – Privacy information management (data protection)
- ISO/IEC 27018 – Protection of personally identifiable information (PII) in public clouds
- ISO/IEC 27019 – Protection of process control systems in the energy utility industry
- IT security catalogue pursuant to § 11 section 1a of the German Energy Industry Act (EnWG)