ISMS Information Security Management System
Consulting for ISO 27001 ISMS Information Security Management System

Your contact

Dr. David Wustmann ppa.
Head of logistics software
+49 351 314423-500

Are your sensitive information, data & processes protected?

Information security management systems and their certification according to ISO/IEC 27001:2013 are rapidly gaining in importance, partly because customers are increasingly demanding such internationally recognized proof of information and data security.


An Information Security Management System (ISMS) protects sensitive information, data, processes, IT systems and resources holistically by means of documented methods, guidelines and rules. These must be continuously reviewed and, if necessary, further developed to suit the company. An ISMS certification according to ISO/IEC 27001:2013 also demonstrates to third parties (e.g. customers, users, insurance companies etc.) that the level of protection achieved meets an international standard.

Why ISO/IEC 27001:2013 certified ISMS?

  • Protection against white-collar crime and accidental attacks
  • Reduction of (IT) risks and resulting damage/costs
  • Stabilized, transparently designed IT & business processes
  • Improvement of system availability
  • Practical, economic system, since measures are always in the context of actual risks
  • International ISO/IEC 27001 standard: recognised proof towards third parties (customers, users, insurance companies, authorities, etc.)

ISMS in 5 steps

The basic prerequisite for a functioning system is 100% acceptance on the part of company management and the sensitization (awareness) of all parties involved.


1. Basis – Scope of application

What should the ISMS do? Which corporate assets should be protected? Where is the ISMS delimited and which interfaces exist? Which processes are excluded and why?

Determination of the assets/areas to be protected and the corresponding complexity of the ISMS


2. Risks

What are the risks/threats to the scope? How can risks be evaluated (reduced, outsourced, avoided) and which risks are still acceptable and why?

Company-specific risk identification, evaluation/assessment according to scope and assignment of responsibilities


3. Measures and documentation

What measures are necessary to reduce or eliminate relevant risks? What is the exact aim of each measure? How are the measures implemented (review of implementation through audits)? What are the responsibilities?

Definition, implementation and monitoring of measures for risk containment/avoidance


4. Review and further development

How is the effectiveness of the measures continuously monitored? Which processes and monitoring measures are necessary for this? Are there any new threats and how will they be dealt with?

Ongoing review and adjustment of the measures due to possible new/changed risks in the company/area of application (continuous improvement process)


5. Awareness - Living the system

What must be done to ensure that all parties involved accept the ISMS and correctly apply or comply with its rules/measures? Which training courses are necessary and how often?

ISMS as an integral part of the company philosophy including regular employee sensitisation and training.

Organisational measures

  • Access control
  • Standard procedures
  • Clean desk
  • Measuring points
  • Continuous improvement process

Lean ISMS implementation


Benefit from LOGSOL's experience from its own ISO/IEC 27001:2013 certification process.


Our experts for information security also support you with your ISMS project and its lean implementation:

LOGSOL Services

LOGSOL consulting services ISMS - ISO 27001


ISMS - ISO 27001 workshop

Talk to our expert about your ISMS project:


David Wustmann



 +49 351 314423-50