ISO 27001 certification
Preparation for an ISO 27001 certification
Our consultants help you and your company prepare for a successful ISO 27001 certification. First and foremost, this means the development of a functioning information security management system (ISMS). In principle, it doesn’t matter whether you are at the beginning of this process or have already made progress. We’ll assist you at every stage, completely in accordance with your individual needs.
- If available, we audit the current system. We inspect your processes and their documentation, identify deficits in relation to the standard requirements, and show possibilities for improvement.
- We support you in the development of a strategy for corporate information security and assist you in the creation of your security policy and other ISMS regulation documents.
- We help with the identification of relevant dangers and the risk analysis.
- We support you in the practical implementation of the developed strategy and in the selection and implementation of the required measures.
- We support you in setting up a process for the ongoing inspection and monitoring of your information security management system and its continuous improvement. We accompany you during the internal audits or conduct the audit for you.
Our effective system for ISO 27001 certification
International standards for the creation of data protection and data security policies, according to which an audit with subsequent certification is also possible, have already been established in commerce. Aside from ISO/IEC 27001, the most prominent example is the IT baseline protection manual of the BSI. Both are excellent and proven tools that serve as the foundation for the creation, consultation and audit of data protection and data security policies that activeMind AG provides its customers. We prepare all the questions of the relevant standard for you in an understandable way.
In most companies, there is a need to improve the level of security and to increase the transparency of procedures in order to meet the legal requirements. When creating the corresponding data protection and data security policies, however, it is normally not necessary to meet all the requirements of the standards and methods, which are in part quite extensive. Here, the experts of activeMind AG have developed a methodology that uses the recognized standards but is initially limited to the essential aspects of IT security. In this manner, we draw upon proven methods to help you establish an appropriate level of security, which is oriented toward your goals.
What is an information security management system?
The establishment of an adequate information security management system (ISMS) is not possible without the development, implementation, execution, monitoring, review, maintenance and improvement of information security. Therefore, meeting the requirements of the ISO 27001 standard involves not only organisational tasks but also diverse practical and technical measures, which on the one hand increase security and on the other are suitable for providing verifiable evidence of the level achieved. Such measures are included in the normative Annex A of ISO 27001 as well as ISO 27002.
- We assist you with the selection of measures that are suitable for reducing the risks you have identified to a reasonable level.
- We support you in the practical implementation of these measures.
- We also enable you to verify the implementation via appropriate procedures in one audit.