IT security based on ISO / IEC 27001
Information and IT security is the issue, since the release of secret practices. Every company, every organization and authority maintains and processes a variety of data and information that are worth protecting and third parties should not be accessible.
Good advice is the one who builds the appropriate structures for the protection of information. It helps the international standard ISO / IEC 27001, are defined in the requirements for the preparation, implementation, operation, monitoring, maintenance and improvement of a documented information security management system taking account of IT risks across the organization.
Why certification to ISO / IEC 27001?
The standard provides a framework for the organization of information security. For your customer and other parties but which is transparent only with a certificate. It thus creates foremost trust that a company really protects the customer and other data. At the same time the certification promotes the process of customer orientation and it can be used for promotional purposes.
TÜV Thüringen is certified for the verification and certification of information security management systems according to ISO / IEC 27001. The audits are conducted by certified IT specialists and approved auditors. Our customers get recognized certificates worldwide.
Criteria of Information Security
Information security is a complex issue. In addition to the requirements of data and IT security issues relating to human and physical safety must be considered. Therefore, the standards include the following requirements are defined:
1. Risk management
- Detecting the information values and determining the need for protection
- Identifying risks
- Assessment of risks
- Taking action
- Monitoring of action taken Correction and enhancement
2. Management of security restricted areas, particularly
- Data acquisition and handling
- Human resources management (before, during and after employment)
- Protection against adverse weather conditions and theft (physically)
- IT security (backup, virus protection, firewall, encryption, passwords)