ISO / IEC 27001 audit
Expert opinion with added value.
Tailor-made IT security management
ISO / IEC 27001 is the international de facto standard for information security in public authorities and companies. Certification is already mandatory for federal authorities, voluntary for companies and other institutions. In view of the intense competition in the IT sector, ISO 27001 is also rapidly gaining importance in the private sector. We accompany you in all phases on the way to certification, either in an advisory capacity or in the course of an audit. Of course, we also carry out ISO 27001 audits for energy suppliers or operators of critical infrastructures according to the Energy Industry Act (EnWG).
Systematic and goal-oriented
IT security management is a field of work with many interlocking aspects. Through numerous projects in the industrial and administrative sectors, we can draw on extensive practical experience.
Our clients not only increase the IT security level of their organisation, but also improve operational data protection in the ongoing optimisation process. Certification according to ISO / IEC 27001 is therefore straightforward and economical. We work closely with DAkkS-accredited certification bodies and the German Federal Office for Information Security (BSI).
More than information technology
The basis for certification according to ISO / IEC 27001 is a detailed assessment of the existing information security management system (ISMS). In addition to concrete implementation measures, the assessment focuses in particular on hazard identification as well as measurability and controllability. The aim is to continuously improve the ISMS and update it on the basis of current risk analyses. Special offers are available for energy suppliers and network operators in the run-up to the IT security catalogue pursuant to Section 11 (1a) EnWG.
Together to the goal
- Certification numbers: BSI-ZISR-0031-2021 – valid until 14.08.2024; BSI-ZIG-0160-2023 – valid until 31.03.2026
- Auditing of information security management systems (ISMS), native (ISO / IEC 27001:2022) or based on IT-Grundschutz, also according to EnWG
- Accompanying advice on the establishment of an ISMS and in preparation for upcoming certification
- IS short audit: procedure-neutral review of the effectiveness of the security organisation as well as the appropriateness and implementation of the security concept
- Streamlined procedures through integrated consideration of IT security and data protection issues
Short vita Roman Maczkowsky
Roman Maczkowsky is a certified team leader for audits according to ISO 27001 native as well as on the basis of IT-Grundschutz, also according to the German Energy Industry Act (EnWG) for energy suppliers and operators of critical infrastructures. He is a proven specialist in operational data protection and was, among other things, an employee of the Independent Centre for Data Protection Schleswig-Holstein (ULD) and the Berlin Commissioner for Data Protection and Freedom of Information. Roman Maczkowsky is a BSI-licensed IS auditor and IS consultant and is active as a lecturer in the training of data protection and IT security officers.
Does your ISMS meet the requirements of an audit? Our IS short audit provides clarity without special requirements and keeps all options open for you with regard to a subsequent certification.