Information security management systems (ISMS)

An information security management system (ISMS) allows for the integrated management of information security at your company. It establishes governance, defines the approach for risk management as well as the organisational and operational structures, thereby providing the pathway to compliance at the company. An ISMS often constitutes a condition of eligibility for tenders and contracts in various sectors. Various standards define the framework for an ISMS.

Our approach:

Our expert team builds a coordinated, tailor-made information security management system (ISMS) in cooperation with you, based on the individual needs of your company. In doing so, we also take into account the standards applicable to your sector:

  • DIN EN ISO/IEC 27001 for companies in all sectors
  • VDA ISA (TISAX) for the automotive industry
  • 100-X and 200-X BSI standards for offices and authorities as well as public sector companies
  • Regulatory requirements according to BAIT/VAIT/KAIT for insurance companies, banks and capital management companies

Does your company already have an established ISMS? If so, our experts are here to help you successfully pass the assessment of your information security system by an assessment service provider (such as the TISAX assessment or certification in accordance with ISO 27001) and subsequently receive confirmation of the corresponding information security level.

We will carry out a gap analysis and assessment of the ISMS for you, such as in accordance with DIN EN ISO/IEC 27001, in order to identify potential weak points ahead of time. Finally, our proven experts set up a comprehensive plan of action for you in the area of information security and support you in its implementation, thereby ensuring the best-possible preparation for your organisation to undergo any forthcoming certification audit.

Our experienced Forvis Mazars auditors and IT security experts carry out the certification audit for your ISMS in accordance with DIN EN ISO/IEC 27001, in cooperation with our strategic partner PECB Management Systems as the certification authority.

Our services:

  • Training, in cooperation with our strategic partner PECB, as an information security officer, including certified ISO/IEC 27001 (lead) implementer training, among others
  • Training, in cooperation with our strategic partner PECB, as an internal auditor, including certified ISO/IEC 27001 (lead) implementer training, among others
  • Preparing and compiling the documents for the auditor
  • Site inspection and assessment shortly before the audit
  • Briefing audit participants in advance so that they are able to answer the auditor's questions
  • Informing personnel who are not involved in the audit process
  • Allaying any concerns personnel may have about the audit
  • Acting as contact persons for personnel with any open questions throughout the entire process
