Einführung Informations – Sicherheitsmanagementsystem (ISMS)

As a BSI certified IT security service provider, IABG offers an efficient implementation of the standards (ISO 27001 native or BSI basic protection) for the corresponding certification. This is a must for all companies which fall under the IT security law. The introduction of an ISMS comprises the following service modules: Workshop It is the basis for a precise risk analysis and, based on this, an estimate of the effort required. Scope definition With regard to the application level, the limits and the services to be provided are described, including possible transitions to third parties. Limitation of a scope For efficient project progress, the scope is initially limited to the necessary critical processes and components, ensuring process consistency and traceability CAP analysis The aim of the analysis is to evaluate the current status of IT security and the gaps still to be closed within the defined scope. Risk assessment The basis for risk assessment is the effects on operation and the probability of occurrence of threats; they form the risk measure according to the selected calculation algorithm. Risk treatment plan All risks to be minimised are managed in a prioritised risk treatment plan. For each risk there are personnel responsibilities and target dates. Implementation plan The implementation plan describes the information security objectives in connection with the implementation of the individual measures. This serves as a reference for the subsequent audits. Internal audit On the one hand, the internal audit serves as a means of self-regulation, but is also a basic requirement for a formal certification audit. External 3rd-Party Audit Order Once the decision for formal external certification has been made, the type of certification should be determined very soon and the appropriate measures should be taken.