Security (ISO 27001)
This internationally recognised standard describes the requirements for an Information Security Management System (ISMS) that enables organisations to recognise and manage information-related risks to their business processes. Because it starts from the business processes, ISO 27001 follows a comprehensive approach. For this reason its focus goes well beyond pure IT security in the classic sense.
Why should information security be considered to be so significant?
Information has become an indispensable commodity: using, processing, transferring and storing it form an essential basis for business processes and have a huge influence on everyday life. Incidents in the field of information security also have direct and indirect impacts on workflows within companies. They can restrict business operations or even lead to situations which threaten a company's existence.
Coordinating ISO 27001 for your organisation
The ISO 27001 standard describes a tried and tested management framework which is compatible with other management systems such as ISO 9001 (Quality Management), ISO 14001 (Environmental Management) or ISO 20000 (IT Service Management). Organisations which have already implemented one of the other standards therefore know the PDCA model (plan-do-check-act) and the processes of continual improvement.
ISO 27001 is not only relevant for large companies: the requirements and the measures have been defined so that they can be applied to any type of organisation, regardless of size or business aim. The measures catalogue is also based on a best practice approach and covers all aspects of information security.
Our services for information security according to ISO 27001
MATERNA provides individual solutions in the field of information security. We give tailor-made advice and support adapted to each organisation's level of maturity. For organisations which are looking into the topic of information security for the first time, MATERNA presents different possibilities and approaches in a joint workshop, after which the most suitable method and strategy can be selected.
We offer our Information Security Assessment for an immediate start. The assessment is based on the requirements of ISO 27001 and 27002 and supplies a current status report (360° view) on all aspects of information security. In addition to the statement of the current situation, which is worked out on the basis of interviews, you receive direct feedback and recommendations on how your information security management could be improved.
MATERNA – your skilled partner for information security
Information security and its tasks are not an isolated discipline but one of the components of comprehensive IT Management. That is why MATERNA relates information security to IT infrastructure, to specialist and business applications as well as to IT Service Management. Information security management is therefore, for example, an integral component of IT Service Management according to ITIL® V3. Both the Service Design book and ISO 20000 refer explicitly to the ISO 27001 standard when implementing this discipline. Certified ISMS auditors provide support for all questions related to information security. In addition, we accompany organisations all the way through to ISO 27001 certification and also within the framework of internal audits.
Our solutions
- Full investigation into the security measures currently in place
- Documentation of rules for information security
- Implementation and evaluation of the level of rules
- Suggestions for improvements to information security
- Summary and presentation of the results


