ISO 27001

ePrivacy supports companies and public authorities in implementing management systems for information security (Information Security Management System, ISMS). Developing and implementing an ISMS is one of the prerequisites for certification according to the international ISO 27001 standard. The ISMS can then be certified by certification bodies that have been accredited by the DAkkS (German Accreditation Authority).

What is ISO 27001?

ISO 27001 is an internationally recognized standard that specifies the requirements an ISMS must meet, using a process approach and taking into account the IT risks specific to the individual organization. The standard describes requirements governing the establishment, implementation, maintenance and continual improvement of an ISMS.

ISO 27001 provides a basis for obtaining internationally recognized and very comprehensive certification. To this end, risk analyses are carried out and, among other things, technical and organizational measures are implemented.

The certification process in accordance with ISO 27001

The certification process is a continuous one which calls for the active involvement of the companies in question. This process is made up of four phases. The various phases together form one PDCA (Plan – Do – Check – Act) cycle.

The difference between ISO 27001 and ISO 27002

While ISO 27001 merely describes the requirements to be met by an ISMS, ISO 27002 provides guidelines and general criteria for the introduction, implementation, maintenance and improvement of information security management systems within organizations. The international code of practice for information security management comprises:

  • Instructions and guidelines on information security
  • Organizational security measures and management processes
  • Personnel security
  • Responsibility for and classification of information
  • Access controls
  • Cryptography
  • Physical security and public services
  • Operational security
  • Network security
  • System development and maintenance
  • Provider relationships
  • Handling of security incidents
  • Emergency plans
  • Compliance with legal requirements and security guidelines and conduct of audits

As part of ISO 27001 certification, ePrivacy can also assist you in meeting the ISO 27002 criteria.

What are the advantages for you of obtaining ISO 27001 certification?

In addition to increasing the efficiency of the systems in place within your company, obtaining certification also builds trust on the part of your customers and business partners, as it attests to the careful and responsible handling of information. ISO 27001 certification constitutes official evidence of data security. As such, it not only gives you a competitive advantage in tenders for the award of contracts; it is increasingly a fundamental condition of eligibility to participate in such procedures at all.

Do you have questions or recommendations for us?

We are glad to receive your comments.