Audit according to ISO / IEC 27001
Expertise with added value.
Tailored IT security management
ISO / IEC 27001 is the international de facto standard for information security in government agencies and companies. Certification is already mandatory for federal authorities, and voluntary for companies and other organizations. In view of the intense competition in the IT industry, ISO 27001 is rapidly gaining importance in the private sector as well. We accompany you on the way to the certificate in all phases, either as an advisor or as part of an audit. Of course, we also carry out ISO 27001 audits for energy providers or operators of critical infrastructures according to the German Energy Industry Act (EnWG).
Systematic and goal-oriented
IT security management is an area of work with many interlocking aspects. Through numerous projects in industry and in the public administration sector, we can draw on extensive practical experience.
Our customers not only increase the IT security level of their organization, but also improve corporate privacy in the ongoing optimization process. Certification according to ISO / IEC 27001 is therefore straightforward and feasible. We maintain close cooperation with DAkkS-accredited certification authorities and the German Federal Office for Information Security (BSI).
More than information technology
Certification according to ISO / IEC 27001 is based on a detailed assessment of the existing information security management system (ISMS). In addition to concrete implementation measures, the assessment focuses in particular on hazard identification as well as on measurability and controllability. The aim is continuous improvement of the ISMS and its updating on the basis of current risk analyses. Special offers exist for energy providers and grid operators in the run-up to the upcoming IT security catalogue in accordance with Section 11 (1a) EnWG.
A common goal
- Certification number: BSI-ZISR-0031-2021 – valid until 14.08.2024
- Auditing of information security management systems (ISMS), natively (ISO / IEC 27001:2013) or on the basis of IT-Grundschutz, also according to EnWG
- Accompanying consulting for the establishment of an ISMS and in preparation for an upcoming certification
- IS short revision: Process-neutral examination of the effectiveness of the security organization and the appropriateness and implementation of the security concept.
- Efficient procedures through integrated consideration of IT security and data protection issues
Your contact person
Short Vita Roman Maczkowsky
Roman Maczkowsky is a certified team leader for audits according to ISO 27001 natively as well as on the basis of IT-Grundschutz, also according to the Energy Industry Act (EnWG) for energy providers and operators of critical infrastructures. He is a proven specialist in corporate data protection and worked, among other places, at the Schleswig-Holstein Independent Center for Privacy Protection (ULD) and for the Berlin Commissioner for Data Protection and Freedom of Information. Roman Maczkowsky is a BSI-licensed IS auditor and IS consultant and works as an instructor in the training of data protection and IT security officers.