An information security management system (ISMS) is required wherever the work of a wide variety of stakeholders is interlinked, be it in networked value and supply chains or in a digital exchange of data and information in the cloud. A company uses processes and guidelines to manage and control its own information security on an ongoing basis. Potential security risks are made transparent and therefore manageable. The IT and data protection experts at dhpg will be happy to advise you when it comes to developing, introducing or optimising the right ISMS for you. ISO 27001 certification can then follow seamlessly but is not mandatory for every industry. Don't hesitate to contact us.
We work together with you to develop an information security management system to protect your data and information: a solution that gives you the security of knowing that you are ready for all eventualities and have taken all the necessary precautions, without creating any unnecessary red tape. With dhpg at your side, you have complete transparency at every stage of the process and can expect on-time and on-budget implementation.
We have many years of extensive project experience in setting up information security management systems. With our best-practice approaches, methods and experience, we build on the processes and structures already in place in your organisation.
Would you like to keep "the door to certification" open? Or are you obligated to be certified because of the service you offer? No problem. We design the processes of an information security management system in such a way that you can start the certification process at any time.
As part of an audit, legal and tax consultancy, IT information security is part of our DNA. With dhpg at your side, you can be sure to meet legal and compliance requirements at all times.
Would you like to arrange a personal meeting? We would be glad to arrange an appointment with you - no strings attached - so that we can get to know each other. We look forward to your call or e-mail and to hearing from you.
An information security management system (ISMS) aims to identify and analyse an organisation's IT risks and render them manageable through appropriate measures. There are various approaches based on ISO/IEC 27001 or BSI basic protection - dhpg will be glad to advise you on both - be it in analysing the current situation, designing the right information security management system for you and its documentation or on the way to possible certification. We will be glad to support you above and beyond the introduction of information security management, for example when it comes to further development, revision or an audit. We always keep an eye on all related compliance and governance requirements as an element of auditing, tax and legal advice.
The pandemic has made it painfully evident how complex our supply and service relationships are today. Data is exchanged digitally across a wide variety of players and systems. Against this backdrop, it is important for companies to be mindful of their own IT infrastructure, IT applications and processes so that they avoid the risk of IT systems failing or being damaged, or of failing to comply with data protection requirements. An information security management system renders all of this transparent. This enables companies to strengthen their own infrastructure and avert potential damage to their organisation.
Once an ISMS has been successfully set up and effectively implemented in operations, your company can have the ISMS certified, e.g. in accordance with ISO 27001. dhpg will be glad to support you in the preparation and certification process. We can also support you in carrying out your internal audit, which is required by ISO 27001, or in the follow-up in the event of any deficiencies being identified.
The information security management of a company determines:
The data protection officer in the company ensures that the requirements of the GDPR are complied with and thus that personal data are specially protected. Information security management does not give personal data a special position in principle. Information security management and data protection should work closely together, as the two topics are closely linked and should not act in isolation from each other.
dhpg operates a Cyber Security Operations Centre with TÜV TRUST IT Unternehmensgruppe TÜV AUSTRIA. SOC as a Service (SOCaaS) monitors the client's IT systems for possible cyber-attacks and protects them against potential production downtime, data loss, damage to image, etc. and the associated financial risks. A combination of automatic detection and the use of expert knowledge ensures that various attack vectors are detected as quickly as possible. If an active threat to a company's infrastructure is exposed, measures agreed individually with the customer in the contract are put into effect immediately.
The connection to a Cyber Security Operations Centre is a useful component of a functioning information security management system. Statistics show that malicious code lingers in the organisation for more than half a year before it is detected. A SOCaaS can help you to recognise, at an earlier stage, attackers who have already surmounted the firewall and virus scanner, and to avert damage.
Additional information is available at www.csoc.de.
An information security management system (ISMS) defines a company's technical and organisational IT security measures. It sets out procedures and processes for implementing and monitoring information security at the company. dhpg offers companies the development, introduction and optimisation of an information security management system in accordance with the requirements laid down in ISO 27001 and BSI baseline protection. We will be glad to support you along the path to certification if you wish or are obliged to do so in your sector of business.