Information security management system

Protecting your data and information

Information security management is a must for each and every company

An information security management system (ISMS) is required wherever the work of a wide variety of stakeholders is interlinked, be it in networked value and supply chains or in a digital exchange of data and information in the cloud. A company uses processes and guidelines to manage and control its own information security on an ongoing basis. Potential security risks are made transparent and therefore manageable. The IT and data protection experts at dhpg will be happy to advise you when it comes to developing, introducing or optimising the right ISMS for you. ISO 27001 certification can then follow seamlessly but is not mandatory for every industry. Don't hesitate to contact us.

ISMS - how we support you when it comes to the security of your data and information

Towards an Information Security Management System in five steps

1. Security Governance

Scoping and GAP analysis

At this point, we guide companies that are still at the very beginning of the information security process through a standardised process. We use checklists to record the company's particular legal and company-specific requirements and assess the current status of information technology.

Kick-off

The primary goal is to achieve a common understanding of the company's information security governance. In a kick-off meeting, we start the project together, define the objectives, the roles and responsibilities and the project plan - so that everyone has a precise overview of the project and tasks in their role.

Information Security Governance

We develop the framework for sound, manageable information security from the requirements and the GAP analysis, covering strategic integration, objectives, responsibilities and reporting through to guidelines and their monitoring.

2. Policy

Examine and assess in detail

Implementation of measures

3. IS Risk Management

Eliminate anomalies

4. Security Awareness

Establish a set of rules

5. Monitoring and Improvement

Effective and eligible for certification

Some companies would like to have their information security management system certified. For some industries, certification is even mandatory. We develop and modify your information security management system to suit your needs, effectively and certifiably.

Why dhpg?

Security for your data without red tape

We work together with you to develop an information security management system to protect your data and information. A solution that gives you the assurance that you are ready for all eventualities and have taken all the necessary precautions, without creating any unnecessary red tape. With dhpg at your side, you have complete transparency at every stage of the process and can expect on-time and on-budget implementation.

Many years of experience

We have many years of extensive project experience in setting up information security management systems. With our best-practice approaches, methods and experience, we build on the processes and structures already in place in your organisation.

Certifiable at any time

Would you like to keep "the door to certification" open? Or are you obliged to be certified because of the service you offer? No problem. We design the processes of an information security management system in such a way that you can begin certification at any time.

Safety guaranteed

As part of an audit, legal and tax consultancy, we have IT information security in our DNA. With dhpg at your side, you can be sure of meeting legal and compliance requirements at all times.

Your contacts for anything and everything involving ISMS

Would you like to arrange a personal meeting? We would be glad to arrange an appointment with you - no strings attached - so that we can get to know each other. We look forward to your call or e-mail and to hearing from you.

FAQ

What is an information security management system?

An information security management system (ISMS) aims to identify and analyse an organisation's IT risks and render them manageable through appropriate measures. There are various approaches, based on ISO/IEC 27001 or BSI baseline protection. dhpg will be glad to advise you on both, be it in analysing the current situation, in designing and documenting the right information security management system for you, or on the way to possible certification. We will also be glad to support you beyond the introduction of information security management, for example when it comes to further development, revision or an audit. We always keep an eye on all related compliance and governance requirements as an element of auditing, tax and legal advice.

Why do you need an information security management system?

The pandemic has made it painfully evident how complex our supply and service relationships are today. Data is exchanged digitally between a wide variety of players and systems. Against this backdrop, it is important for companies to be mindful of their own IT infrastructure, IT applications and processes so that they avoid the risk of IT systems failing or being damaged, or of failing to comply with data protection requirements. An information security management system renders all of this transparent. This enables companies to strengthen their own infrastructure and avert potential damage to their organisation.

How does our ISMS achieve ISO 27001 certification?

Once an ISMS has been successfully set up and effectively implemented in operations, your company can have the ISMS certified, e.g. in accordance with ISO 27001. dhpg will be glad to support you in the preparation and certification process. We can also support you in carrying out your internal audit, which is required by ISO 27001, or in the follow-up in the event of any deficiencies being identified.

Why does a company need an information security management system? Our company already has a data protection officer.

The information security management of a company determines:

  • which technical and organisational IT security measures are necessary for information security
  • how these may be implemented and
  • how those in charge are to control and monitor the success of the steps taken.

The data protection officer in the company ensures that the requirements of the GDPR are complied with and thus that personal data are specially protected. Information security management does not give personal data a special position in principle. Information security management and data protection should work closely together, as the two topics are closely linked and should not act in isolation from each other.

How can dhpg support me in security management over and beyond an information security management system?

dhpg operates a Cyber Security Operations Centre with TÜV TRUST IT Unternehmensgruppe TÜV AUSTRIA. SOC as a Service (SOCaaS) monitors the client's IT systems for possible cyber-attacks and protects them against potential production downtime, data loss, damage to image, etc. and the associated financial risks. A combination of automatic detection and the use of expert knowledge ensures that various attack vectors are detected as quickly as possible. If an active threat to a company's infrastructure is exposed, measures agreed individually with the customer in the contract are put into effect immediately.

The connection to a Cyber Security Operations Centre is a useful component of a functioning information security management system. Statistics show that malicious code lingers in the organisation for more than half a year before it is detected. A SOCaaS can help you to recognise, at an earlier stage, attackers who have already got past the firewall and virus scanner, and so avert damage.

Additional information is available at www.csoc.de.

Information security management system according to ISO 27001

An information security management system (ISMS) defines a company's technical and organisational IT security measures. It sets out procedures and processes for implementing and monitoring information security at the company. dhpg offers companies the development, introduction and optimisation of an information security management system in accordance with the requirements laid down in ISO 27001 and BSI baseline protection. We will be glad to support you along the path to certification if you wish or are obliged to do so in your sector of business.

Contact

Get in touch with us

Telephone: +49 228 81000 0