Don’t be afraid of ISO 27001!

18 November, 2024

Katja Kotschenreuther
Manager Marketing

Katja has been part of the marketing team since October 2020. As Manager Marketing she looks after the marketing for the stackconf and OSMC conferences, the DevOpsDays Berlin, the Open Source Camps and our trainings. In her free time she likes to travel, do crafts and bake, and in summer she also tends her far-too-large vegetable garden.

We at NETWAYS Managed Services have recently received ISO 27001 certification – the internationally recognized standard for the highest information security standards.

Kerstin Stief from data.disrupted took this as an opportunity to talk to Bernd Erk, Managing Director of the NETWAYS Group, in a podcast. They covered the general importance of the certification, the challenges on the way there and the measures taken to protect sensitive data. We have summarized the most important findings from our path to this certification in this blog post for you to read:

ISO 27001 and its relevance

ISO 27001 is an internationally recognized standard that describes the structure and requirements of a robust management system for information security. It is audited and reviewed in Germany by companies such as TÜV. Nowadays, certification is a prerequisite for many customers who want to ensure that their data is reliably and comprehensively protected.

ISMS and its implementation

To put the requirements of ISO 27001 into practice, we have developed a flexible information security management system (ISMS). This ISMS is a central tool for us that maps all relevant security processes in a structured manner and ensures compliance with the standard.

With BookStack as an open source solution, we document binding specifications such as risk analyses and guidelines – and thus create a solid basis for the secure management of our information.

Responsibility for information security

Of course, an ISMS requires more than just technical documentation; it requires the commitment of the entire team. Responsibility for information security starts with the management and is coordinated by our CISO, who monitors all security measures.

Regular training and awareness-raising ensure that each of our employees understands their own role – a security-conscious team is crucial for us!

The path to ISO 27001: The first steps

Setting up an ISMS is a process that starts with defining the “scope”, i.e. the areas that are to be certified. This has helped us to focus on particularly critical areas of the company and to start building up security in a targeted manner. Asset management also plays a central role here in order to comprehensively identify and protect all sensitive data and systems.

To make the security process comprehensive and efficient, we rely on open source tools such as Verinice and Eramba for ISMS management. We integrate these solutions into BookStack in order to document the security process centrally and keep the ISMS accessible to all employees. We also use SnipeIT to manage our IT assets and tools such as Elastic and Graylog for continuous log monitoring.

The use of open source solutions gives us full control and flexibility to tailor our security requirements.

The differences between ISO 27001 and BSI baseline protection

With regard to the requirements of other security standards, we deliberately opted for ISO 27001 as this standard offers more flexibility for our needs. In contrast to BSI baseline protection, which is primarily established in Germany, ISO 27001 allows a targeted definition of the scope and is internationally recognized – an advantage for a company like ours with an international target group.

Challenges for small and medium-sized enterprises

For many small and medium-sized companies seeking ISO certification, setting up an ISMS can be a challenge.

However, there is often already a solid basis through existing security measures such as backups and access controls. The key is to document these measures and improve them in a targeted manner without unnecessarily changing established processes.

This makes the introduction of the ISMS a practical and sustainable enrichment for the company.

Risk management and awareness-raising as a long-term strategy

Adapting and improving security measures is an ongoing process that will remain important in the future. Cloud services are now widespread and bring with them new challenges in terms of trust and transparency.

Through awareness-raising measures such as multi-factor authentication and continuous vulnerability analysis, we promote security awareness within the company – not only to meet legal requirements, but also for economic reasons.

Conclusion

Our path to ISO 27001 certification has brought us forward as a company in terms of information security. Thanks to our CISO Markus Waldmüller, our CEO Managed Services Sebastian Saemann and the support of Uwe Schmidt, we have led NETWAYS Managed Services GmbH to successful certification in just 10 months – something we are very proud of.

For NETWAYS Managed Services, this certification is not only an official confirmation, but also a commitment to designing security standards sustainably and efficiently. This not only strengthens the trust of our customers, but also fulfills our own demand for the highest security standards.
