ISMS Certification

Certificates serve as a seal of quality to potential customers. They facilitate access to tender procedures and build trust. Certificates also demonstrate that your company meets accepted quality standards. The most respected method of certification in IT security is the ISO Standard 27001.

In contrast to other standards, it provides the basis for a comprehensive, industry-independent information security management system (ISMS), which is both nationally and internationally recognised. For medium and large businesses and corporations, an ISMS certification is a must.

At ISiCO, we know that the introduction of an ISMS can be a burden financially and organisationally, as well as in terms of time and personnel. An unstructured approach to creating an ISMS can lead to permanent paralysis of the company if incorrect or unnecessary measures have been implemented. We specialise in resource-conserving ISMS implementation that benefits your company not only outwardly, but inwardly as well. In addition to receiving this certification, our customers benefit from effective risk management systems and the secure and legal protection of their company’s corporate value.

We work closely with experts accredited by the Federal Agency for Security in Information Technology (Bundesamt für Sicherheit in der Informationstechnik, BSI). This ensures independent, fast and, above all, sustainable implementation of ISO standards. When conducting ISMS audits, we make sure that no redundant structures arise and that your management is presented with the relevant information needed for decision making. ISiCO bases its work on the PDCA model, which allows for structured and focused work on ISO standards. We will support and assist your company throughout the implementation of certifications such as Common Criteria, ISO 20000, ISO 27018 or EuroPriSe.
Please feel free to contact us for more information.


Introduction of an ISMS



  • Definition of scope and boundaries
  • Reviewing ISMS Guidelines
  • Risk identification (identifying values; defining exploitable vulnerabilities)
  • Risk assessment and evaluation
  • Creating ISMS decision documents
  • Drawing up the “Statement of Applicability”
  • Drawing up a risk management plan and supporting its implementation
  • Creating an “Incident Management Plan”

Adapting and testing an existing ISMS

  • Conducting regular audits
  • Checking the effectiveness of the measures introduced
  • Reviewing the risks identified and reevaluating them if deemed necessary
  • Changing the ISMS Guideline
  • Review and possible updating of the “Statement of Applicability”
