TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, supported the certification project based on the IT-Grundschutz framework.
P&I Personal & Informatik AG (P&I AG) implemented an Information Security Management System (ISMS) with the support of TÜV TRUST IT. It was developed according to the requirements of the BSI Standard 100-2, and the subsequent certification according to ISO 27001 based on IT-Grundschutz was carried out by the German Federal Office for Information Security (BSI).
Payroll management is subject to strict data protection and security requirements, especially when offered as a managed service or via cloud solutions. As one of the leading companies in the HR industry in Europe, with around 3,500 clients in 13 countries and approximately 400 employees, P&I AG is well aware of its responsibility for the sensitive personal data of its customers. P&I provides software solutions for all aspects of human resources management and therefore decided to implement an ISMS in accordance with ISO 27001. To meet the requirements of public sector clients, the ISMS was designed based on ISO 27001 in conjunction with IT-Grundschutz. “The origin of the ISMS project was our need, as a leading service provider in the human resources sector, to meet the highest standards for the security of customer data,” explains Takaaki Sato, Director Center of Data at P&I.
In the project, the IT-Grundschutz requirements were structured, a suitable information security organization was established, and the ISMS itself was set up. This also included an assessment of whether the IT systems and organizational measures already met all the standard requirements. Based on these assessments, necessary actions were identified, and a practical approach with appropriate measures for rapid implementation was developed. The project was characterized by a strong culture of cooperation between the HR service provider’s staff and the consultants. “The pragmatic and competent approach on both sides enabled us to adapt the IT-Grundschutz requirements for P&I AG and implement effective measures in a very short time,” concludes project manager Martin Ennenbach from TÜV TRUST IT.