IS Operations
- Transition to ISO/IEC 27001:2022 for energy system operators and operators of energy systems classified as critical infrastructure
Information technology is constantly evolving, and so are the security measures that protect it from cyber threats. This necessitated a further revision of ISO 27001 and ISO 27002, which was implemented in 2022 with the new versions ISO/IEC 27001:2022 and ISO/IEC 27002:2022.
ISO 27001 defines the requirements for the structure, introduction, implementation, monitoring and documentation of an information security management system (ISMS). The catalogue of measures in ISO 27001 is in turn derived from ISO 27002. This standard contains guidelines for the implementation of information security requirements. With the new version ISO 27001:2022, the requirements for companies with regard to information security have been tightened and adjustments to the continuous improvement of ISMS processes and their documentation have become unavoidable.
All energy system operators and operators of energy systems classified as critical infrastructure have had to apply ISO 27002:2022 since 1 March 2024 and must apply ISO 27001:2022 from 1 November 2024.
We will be happy to advise and support you in transitioning your existing ISMS to ISO 27001:2022 and in meeting the challenges that the new standard brings for you and your company.
Your benefits
- Competitive advantage and proof of quality for customers and business partners
- Compliance with current legal requirements
- Protection of your processes according to the current state of the art
- Further development of your ISMS documentation through best practices and the enhanced ISMS framework
- Provision and Coaching of External ISB/CISO
To manage and purposefully develop a company’s information security, central accountability should be established in the form of an information security officer (CISO). Frequently, this function is assigned to employees who are already entrusted with other tasks. Not only can this lead to role conflicts, but in many cases the required expertise is also lacking. In addition, continuous further training is a costly and time-consuming process. For smaller enterprises in particular, it is therefore advisable to make use of an external CISO. Larger companies that have a designated CISO can increase and optimise the efficacy of this role through targeted coaching. TÜV TRUST IT consultants can assist you in thinking outside the box and assessing risks appropriately. We provide you with seasoned experts who will help you to address all information security risks within your company.
Your benefits
- Provision of an Information Security Officer (CISO)
- Maintenance of current information security processes and continuous enhancement
- No internal commitment of resources
- Your own employees will still be available for your main business
- Reduction of costs for advanced staff training
- Coaching your Information Security Officer (CISO)
- Expansion of your CISO’s expertise
- Optimising the efficacy of the CISO’s role
- Increasing internal acceptance
- Supporting IT Auditing and IS Auditing
The German law on control and transparency in the corporate sector (KonTraG) requires corporations to provide appropriate risk management and internal auditing. Inherently, every kind of enterprise is interested in identifying risks as early as possible to forestall security incidents and prevent damage to the company. Hence internal auditing procedures are indispensable for assessing the efficacy of risk management and control systems. Both IT and IS auditing play an important role for companies as an independent monitoring source.
Information security auditing is a vital component of any successful information security management system, evaluating the effectiveness and completeness of IT security procedures at regular intervals. The focus lies on assessing the design, operation or utilisation of information technology. In this context, the examination services of IT and IS auditing have to be performed in a complex and dynamic field. This requires interdisciplinary knowledge, which staff members do not as a rule have in all areas of IT security. Lack of expertise poses a risk of not being able to identify and cover all relevant checks.
Due to the increasing number and complexity of issues to be inspected, auditing departments and auditors likewise face increasing demands. TÜV TRUST IT is there to support you with professional knowledge and a comprehensive portfolio of services.
Your benefits
- Coverage of all relevant checks of IT auditing and IS auditing
- Inclusion of your specific auditing requirements
- The in-depth experience of our auditors
- Our methodical competence: audits based on officially recognised standards (COBIT®, ITIL®, ISO 270xx, ISO 15504, Federal Office for Information Security – IT-Grundschutz)
- Certification of our consultants as Certified Information Security Auditors (CISA)
- Our certification by the Federal Office for Information Security (BSI) as an IT security service provider in the field of IS auditing and consulting
- Reducing investments in advanced training of your auditors
- ISMS-Freshmaker. The smart ISMS-Upgrade.
Many information security management systems grow mainly through audits – they work efficiently, but often lack long-term thinking. The ISMS Freshmaker brings new energy to your system: In an interactive workshop, we take a step back and look at your ISMS from a bigger perspective together with your key team members.
We find unused potential, look at current challenges, and build a strong foundation for future improvements. The results are clearly organized and turned into practical actions. This way, your security management becomes more than just a checklist – it becomes something your team truly lives: flexible, effective, and ready for the future.
Your benefits
- Tailor-made workshop designed to address your specific requirements and organizational context
- Targeted identification of optimization potential within your existing ISMS
- Valuable input for advancing your information security strategy with a focus on medium- and long-term goals
- Effective preparation for upcoming audits through structured analysis and practical recommendations
- Greater efficiency, effectiveness, and added value thanks to our many years of experience