Tailor-made IT security management
ISO / IEC 27001 is the international de facto standard for information security in public authorities and companies. Certification is already mandatory for federal authorities and voluntary for companies and other institutions. In view of the intense competition in the IT sector, ISO 27001 is also rapidly gaining importance in the private sector. We accompany you in all phases on the way to certification, either in an advisory capacity or in the course of an audit. Of course, we also carry out ISO 27001 audits for energy suppliers or operators of critical infrastructures according to the Energy Industry Act (EnWG).
Your audit
Systematic and goal-oriented
IT security management is a field of work with many interlocking aspects. Through numerous projects in the industrial and administrative sectors, we can draw on extensive practical experience.
Our clients not only increase the IT security level of their organisation, but also improve operational data protection in the ongoing optimisation process. Certification according to ISO / IEC 27001 is therefore straightforward and economical. We work closely with DAkkS-accredited certification bodies and the German Federal Office for Information Security (BSI).
Together to the goal
- Certification numbers: BSI-ZISR-0031-2024 – valid until 14.08.2027; BSI-ZIG-0160-2023 – valid until 31.03.2026
- Auditing of information security management systems (ISMS), native (ISO / IEC 27001:2022) or based on IT-Grundschutz, also according to EnWG
- Accompanying advice on the establishment of an ISMS and in preparation for upcoming certification
- IS short audit: procedure-neutral review of the effectiveness of the security organisation as well as the appropriateness and implementation of the security concept
- Streamlined procedures through integrated consideration of IT security and data protection issues
More than information technology
Sustainable system
The basis for certification according to ISO / IEC 27001 is a detailed assessment of the existing information security management system (ISMS). In addition to concrete implementation measures, the assessment focuses in particular on hazard identification as well as measurability and controllability. The aim is to continuously improve the ISMS and update it on the basis of current risk analyses. Special offers are available for energy suppliers and network operators in the run-up to the IT security catalogue pursuant to Section 11 (1a) EnWG.
Contact us!
Does your ISMS meet the requirements of an audit? Our IS short audit provides clarity without special requirements and keeps all options open for you with regard to a subsequent certification.
Short biography of Roman Maczkowsky
Roman Maczkowsky is a certified team leader for audits in accordance with ISO 27001, both natively and on the basis of IT baseline protection, including audits in accordance with the Energy Industry Act (EnWG) for energy suppliers and operators of critical infrastructures. He is a proven specialist in operational data protection and has worked for the Independent Center for Privacy Protection Schleswig-Holstein (ULD) and the Berlin Commissioner for Data Protection and Freedom of Information, among others. Roman Maczkowsky is a BSI-licensed IS auditor and IS consultant and works as a lecturer in the training of data protection and IT security officers.