A secure framework with a tailored, customized design:
The comprehensive framework of the certification standard ISO/IEC 27001 and the implementation guide ISO/IEC 27002 make it possible to establish an information security management system (ISMS) “from a single source”.
The structured process approach helps to avoid the problems caused by isolated, piecemeal measures. Security gaps are assessed and minimized systematically. A risk analysis shows the specific security needs of an organization, with cost-effectiveness being an important criterion for selecting measures.
From implementation ...
ISO/IEC 27001 specifies the requirements of an information security management system (ISMS). ISO/IEC 27002 contains further information and offers support for the implementation of an ISMS.
... to certification
ISO 27001 is the information security standard against which an organization can also be certified, offering genuine competitive advantages and eliminating the need for costly individual verifications by customers and partners.
The standard allows organizations of any size and industry to implement, measure, control and internally audit information security for purposes of self-assessment. Review of the ISMS by an independent accredited organization such as CIS results in ISO 27001 certification after the specified certification process.
The revised standard, ISO/IEC 27001:2022, was published in October 2022.
Here you will also find a compact overview of the changes and transition deadlines (in German). If you have any questions about the transition period and the changes, we will be happy to assist you. Please don't hesitate to contact us!
All our training courses on the subject of information security or ISO 27001 and ISO 27002 already take into account the new requirements of the 2022 revision.
- Proven standard for protecting your intangible assets: analog and digital information
- Framework for technical and organizational measures with effectiveness control as well as optimization loops
- Highest protection of data and information
- High availability of IT services
ISO 27001 deals with establishing and documenting an ISMS. ISO 27002 includes information on more than 100 security measures (controls).
The standard enables organizations of any size and sector to measure and control information security and to audit it internally for purposes of self-inspection.
Review of the ISMS performed by an independent accredited organization, such as CIS, will lead to ISO 27001 certification according to a defined certification process.
ISO 27001 certifications as a basis for further focus certifications
The ISO 27001 series of standards offers further sub-standards on the basis of which an ISO 27001 certification can be extended.
The latest highly relevant standard in this context is ISO/IEC 27701, which supplements ISO 27001 with the requirements of a data protection management system based on the General Data Protection Regulation.
The following key certifications for which CIS is accredited can be mentioned:
- ISO/IEC 27701 – Data protection
- ISO/IEC 27018 – Protection of personal data in clouds
- ISO/IEC 27019 – Protection of process control systems in the energy industry
- IT security catalogue pursuant to §11 section 1a of the German Energy Industry Act (EnWG)