Certification in Accordance with ISO/IEC 27001 on the Basis of IT-Grundschutz
Information is the basis for the course of business, for production processes and for communication with customers and partners. Providing appropriate protection for business information requires effective processes, such as those mapped in an information security management system (ISMS). The ultimate goal of the ISMS is to protect all information assets from loss of confidentiality, integrity, availability and authenticity. Building an ISMS therefore essentially includes processes for analysing and assessing the risks resulting from IT operations, as well as for selecting and monitoring appropriate security measures to treat these risks. The Federal Office for Information Security (BSI) has developed its own standards for establishing an ISMS in accordance with ISO/IEC 27001 based on IT-Grundschutz, which describe the corresponding procedures in detail.
If an ISMS is set up according to these specifications, the next possible step is certification. An application for certification is submitted to the BSI, which also acts as the certification body. Performing the certification audits requires the participation of at least one auditor who has been appointed by the BSI as an ISO/IEC 27001 audit team leader for audits on the basis of IT-Grundschutz. TÜV TRUST IT has a number of experienced, BSI-appointed auditors who can carry out this certification.