Information Security

ISO/IEC 27001

Overview

Safe framework, personalized and customized design: 

The comprehensive framework of the certification standard ISO/IEC 27001 and the implementation guide ISO/IEC 27002 make it possible to establish an information security management system (ISMS) “from a single source”.

The structured process approach helps to avoid the problems caused by piecemeal individual actions. Security gaps are assessed and minimized systematically. Risk analysis shows the specific security needs of an organization, with profitability being an important criterion for implementing measures.

From implementation ...

ISO/IEC 27001 specifies the requirements of an information security management system (ISMS). ISO/IEC 27002 contains further information and offers support for the implementation of an ISMS.

... to certification

ISO 27001 is the information security standard against which an organization can also be certified, which offers real competitive advantages and eliminates the need for costly individual verifications.

The standard allows organizations of any size and industry to implement, measure and control information security and to audit it internally for self-inspection. The review of the ISMS by an independent accredited organization such as CIS results in an ISO 27001 certification after the specified certification process.

Your advantages
  • Proven standard for protecting your intangible assets: analog and digital information
  • Framework for technical and organizational measures with effectiveness control as well as optimization loops
  • Highest protection of data and information
  • High availability of IT services

Certification

ISO 27001 deals with establishing and documenting an ISMS. ISO 27002 includes information on more than 100 security measures (controls).

The standard enables organizations of any size and sector to measure and control information security and to audit it internally for purposes of self-inspection.

Review of the ISMS performed by an independent accredited organization, such as CIS, will lead to ISO 27001 certification according to a defined certification process.

Focus certification

ISO 27001 certifications as a basis for further focus certifications

The ISO 27001 series of standards offers further sub-standards on the basis of which an ISO 27001 certification can be extended.

The latest highly relevant standard in this context is ISO/IEC 27701, which supplements ISO 27001 with the requirements of a data protection management system based on the General Data Protection Regulation.

The following are key certifications for which CIS is accredited:

  • ISO/IEC 27701 – Data protection
  • ISO/IEC 27018 – Protection of personal data in clouds
  • ISO/IEC 27019 – Protection of process control systems in the energy industry
  • IT security catalog in accordance with §11 section 1a of the Energy Industry Act (Germany), based on the IT security catalog for the German EnWG

    You need further information?

    We look forward to hearing from you!

    Write to us!

    Do you have specific inquiries about the CIS service portfolio? Our experts will be happy to provide you with advice and support at any time!

    Our expert

    Impartial. Competent. Trustworthy.

    Team

    Mr. Robert Jamnik

    Head of Audit Services, Lead Auditor for ISO 20000, ISO 27001 and NISV reviews

    +43 732 34 23 22