ISO 27001

ePrivacy advises companies and public authorities on the implementation of information security management systems (ISMS). The development and introduction of an ISMS are prerequisites for certification according to the international ISO 27001 standard. The certification of the ISMS can then be carried out by certification bodies accredited by DAkkS (German Accreditation Body).


  • Improvement of information security: By implementing and adhering to the ISO 27001 standard, information security is systematically improved, and potential security gaps are identified and closed.
  • Customer trust: An ISO 27001 certification demonstrates to customers and business partners that your company maintains high security standards, which can lead to increased trust and a better market position.
  • Legal and regulatory compliance: The certification helps companies meet legal and regulatory requirements in the field of information security, thereby reducing the risk of fines and legal issues.


With our extensive experience in the consulting and certification field, we can optimally prepare and support you for an ISO 27001 certification. We assist you with comprehensive documents and processes in the development of an ISMS and prepare you in the best possible way for the audit.

ISMS Development

  • Defining the scope
  • The steps in detail
  • Conducting a brief gap analysis
  • Creating a draft for a "scoping" document
  • Setting up an initial project plan (based on the gap analysis)
  • Determining the required resources (internal/external)
  • Measures and policies for an ISMS

ISMS Risk Analysis

  • Support in conducting the on-site risk analysis
  • Definition of the approach; exemplary execution
  • Review of the results
  • Coaching for the action treatment plan

External Information Security Officer

  • Appointment as Information Security Officer (ISO)
  • Support in the implementation and operation of the ISMS
  • Support in the implementation of policies and in dealing with security incidents, etc.
  • Participation in external and internal audits
  • Planning, implementation, review, and monitoring of information security

Training & Internal Audit

  • Support of the internal Information Security Officer (ISO) in creating a training and awareness plan
  • Optional conduct of employee training
  • Conducting the internal audit in the role of Information Security Officer, or supporting the internal ISO in conducting it
  • Detailed templates and documents (outline, change history, objective, purpose, reference documents, standards references, etc.)

What is ISO 27001?

ISO 27001 is an internationally recognized standard that codifies the requirements an ISMS must meet, using a process approach and taking into account the IT risks specific to the individual organization. The standard describes the requirements governing the establishment, implementation, maintenance and continual improvement of an ISMS.

ISO 27001 provides the basis for obtaining an internationally recognized and very comprehensive certification. To this end, risk analyses are carried out and technical and organizational measures are implemented, among other things.

The certification process in accordance with ISO 27001

The certification process is a continuous one that calls for the active involvement of the company in question. It is made up of four phases, which together form one PDCA (Plan – Do – Check – Act) cycle.

The difference between ISO 27001 and ISO 27002

While ISO 27001 only describes the requirements to be met by an ISMS, ISO 27002 provides guidelines and general criteria for the introduction, implementation, maintenance and improvement of information security management systems within organizations. This international code of practice for information security management covers:

  • Instructions and guidelines on information security
  • Organizational security measures and management processes
  • Personnel security
  • Responsibility for and classification of information
  • Access controls
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Network security
  • System development and maintenance
  • Supplier relationships
  • Handling of security incidents
  • Emergency plans
  • Compliance with legal requirements and security guidelines, and the conduct of audits

When you pursue ISO 27001 certification, ePrivacy can assist you in meeting the ISO 27002 criteria.

What are the advantages for you of obtaining ISO 27001 certification?

In addition to increasing the efficiency of the systems in place within your company, obtaining certification also builds trust on the part of your customers and business partners, as it attests to the careful and responsible handling of information. ISO 27001 certification constitutes official evidence of data security. As such, it not only gives you a competitive advantage in tenders for the award of contracts; it is increasingly a fundamental condition of eligibility for participating in such procedures at all.

Do you have questions or recommendations for us?

We are glad to receive your comments.