Österreich
Secure Your Business
 
suchen
 

ISO 27001 – INFORMATION SECURITY WITH A SYSTEM

 

Ehm_Johann

"Our customers rely on us to operate
a highly secure data center.
The certification acc. to ISO 27001
is a visible proof. "

 

Johann Ehm,
Managing Director
Danube IT Services GmbH

 


Safe framework, personalized and customized design: The comprehensive framework of the Certification Standard ISO/IEC 27001 and the Implementation Guide ISO/IEC 27002 makes it possible to establish an information security management system for (ISMS) “of a piece”. The structured process approach helps to avoid problems caused by gradual single actions. Security gaps are assessed and minimized systematically. Risk analysis shows the specific security needs of an organization, profitability being an important criterion for implementing measures.

 

From implementation to certification

ISO 27001 deals with establishing and documenting an ISMS. ISO 27002 includes information on more than 130 security measures (controls). The standard enables organizations of any size and sector to measure and control information security and to audit it internally for purposes of self-inspection. Review of the ISMS performed by an independent accredited organization, such as CIS, will lead to ISO 27001 certification according to a defined certification procedure.

  

Unique worldwide: the Certificate

ISO 27001 is the only standard for information security worldwide that is certifiable and thus offers real competitive advantages and saves single evidence. Sector and topic specific supplementary standards of the ISO 27k Series, which are continually being further developed, serve as an implementation aid. As for the contents, ISO 27001 does not only include aspects relating to technical IT security but also organizational, personal and physical aspects, which range from people awareness to fire protection. Information security starts on one’s own desk and ends in the fail-proof computing centre.

 
 

Structure of the main chapters of ISO 27001:2013
Context of the organization, Leadership, Planning, Support,
Operation, Performance evaluation, Improvement.

The 14 chapters of ISO 27002:2013 / ISO 27001 Annex A

Security Policies27001_certificate_web_hoch_cutt

Organisation of information security

Human resource security

Asset management

Access control

Cryptography

Physical & environmental security

Operations security

Communications security

System acquisition, development and maintainance

Supplier relationships

IS incident management

IS aspects of business continuity management

Compliance
 


Up-to-date: thanks to continual improvement

Companies certified acc. to ISO react to changing requirements proactively: The continual improvement process (CIP) helps to permanently adapt the internal actual state to a desired state, which is being revised periodically. Thus certified companies are highly flexible – always to the state of the art relating to technical and organizational possibilities.

 

 

 

 
 
CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com

T&C