
ISO 27001

Our experts support you with the implementation or improvement of your professional information security management system (ISMS). We work according to international standards such as ISO/IEC 27001 and take into account your compliance requirements and other internal parameters.

ISO 27001 certification has numerous advantages, e.g. an edge in calls for tender, a trust bonus with clients and public authorities, and a higher business value of services. It is also a legally valid proof of diligence. Continuous optimisation leads to constant improvement of the system.

Having carried out numerous ISMS implementation projects, we can offer you our vast experience as both consultants and auditors. Many of our clients see this “good practice” approach as a particular added value, as it results directly in efficient project execution, acceptance and sustainability.


ISO 27001

Your management has recognised the advantages, but wants to know which ISMS requirements the organisation should implement in order to successfully demonstrate a certified ISMS? We support you with the following activities:

  • actual state analysis of the ISMS
  • target-actual comparison
  • definition and implementation of measures to close gaps
  • determination of the efficiency of the ISMS and of the measures implemented
  • coaching support for the efficient operation of the ISMS

We can also advise you by conducting a pre-certification audit (27001 compliance audit). Our certified ISMS auditors identify where action may be needed and help you to close any gaps.

Information technology is relevant to more and more business areas within an organisation, and this relevance will grow even further in the future. As a result, IT risks, and especially their controllability, are moving into the focus of management.

IT risk management has many facets and touches all subject areas of information technology, from software development to integration to efficient operation of the infrastructure, from a technical as well as an organisational point of view. Classic consulting activities are:

  • development of a risk policy in coordination with the management
  • development of a methodology (e.g. Crisam, ISO/IEC 27005) to establish and manage IT risks
  • description of the interface to the company risk management
  • implementation of business impact analyses and establishment of protection needs
  • implementation of threat and risk analyses in order to establish your risks
  • selection of appropriate measures and their prioritisation