IT Security

ISO/IEC 27001

Information Security Management System (ISMS)

ISO 27001 is a standard in the ISO/IEC 27000 family of standards covering information security. It is a worldwide recognised standard that defines the requirements for information security in a company. It can be implemented in all types of organisation due to its generic, sector-independent design.

ISO 27001 describes the requirements for an Information Security Management System (ISMS). Information security means the protection of the confidentiality, integrity and availability of information.
Important tasks of an ISMS are

  • Formulation of security objectives
  • Identification of assets that have value to the organisation
  • Risk assessment
  • Risk management
  • Continuous improvement of the ISMS

Information security is the crucial element for the protection of important business assets. The protection of business information and personal data of customers, your employees’ information security awareness and the proof of security to third parties (customers – business partners – legal requirements) have continuously become increasingly important and prevalent. Prove that information security is an integral part of your business processes. With a pertinent certificate from TÜV Saarland Certification.

ISO 27001 certification is also possible in combination with other management systems. Benefit from synergies!

 

A TÜV Certificate in just a few Steps – The Procedure for your ISO 27001 Certification

  • Pre-audit (optional), as an optimum preparation for the certification audit
  • Certification audit stage 1: Readiness assessment
  • Certification audit stage 2: Practical application
  • Granting of the Certificate & TÜV seal and registration in our TÜV Certificate Database
  • Monitoring and continuous optimisation (annually)
  • Re-­certification (every three years)

Your ISO 27001 certification is in capable hands with us. We will assist you during the entire certification process and a contact person will always be available to you.


IT Security Catalogue (BNetzA)

Network operators must ensure the availability, integrity and confidentiality of the systems and that must be proven to the German Federal Network Agency ((BNetzA) in the form of an Information Security Management System (ISMS) certified by an independent certification body on the basis of the IT Security Catalogue.

With a TÜV certificate based on the IT Security Catalogue, you fulfil the legal requirements and reduce your liability risks. Protect your company and prove to your business partners that you are maintaining the highest standards of IT security.

The IT Security Catalogue pursuant to Section 11 (1a) of the German Energy Industry Act (EnWG) was published in August 2015 and prepared by the German Federal Network Agency (BNetzA) and the German Federal Office for Information Security (BSI) and declared binding by the German Federal Network Agency (BNetzA) on all electricity and gas network operators.

The IT Security Catalogue defines requirements that are placed on network operators for a functioning energy supply with electricity and gas. The secure network operation significantly depends on a functioning information and communication technology (ICT). The IT Security Catalogue defines minimum standards for the protection of the ICT systems against any risks posed to the security of network operation.

Regular Proof

Section 8a (3) of the IT Security Act requires critical infrastructure operators to prove compliance with legal requirements at least every two years. That is made possible by security audits, tests or certifications. The German Federal Network Agency however limits such proof to certifications only so that security audits are not sufficient. The certification process requires an annual surveillance audit in the course of the ISO certification cycle.

Basis

The legal and normative basis is the IT Security Act, the Energy Industry Act (Section 11 (1a)) and the IT Security Catalogue. The IT Security Catalogue was prepared by the German Federal Network Agency and the German Federal Office for Information Security and declared binding on all electricity and gas network operators by the German Federal Network Agency.

The IT Security Catalogue is based on:

  • ISO/IEC 27001
  • ISO/IEC 27019

The core requirement is the implementation of an information security management system in accordance with DIN ISO/IEC 27001 expanded by the incorporation of all control actions specific to energy supply as per Annex A to ISO/IEC 27019

 

A TÜV Certificate in just a few Steps – The Procedure for your Certification

Your  certification is in capable hands with us. We will assist you during the entire certification process and a contact person will always be available to you.

  • Certification audit stage 1: Readiness assessment
  • Certification audit stage 2: Practical application
  • Granting of the Certificate & TÜV seal and registration in our TÜV Certificate Database
  • Monitoring and continuous optimisation (annually)
  • Re-­certification (every three years)

TÜV ­Certification ­– Your Advantages with TÜV Saarland Certification

  • Internationally recognised, accredited certification body
  • Personal contact person and individual advice for your company
  • TÜV experts support you in the safe and sustainable implementation of the requirements.
  • The independent assessment by, and experience of, the TÜV experts give a precise and reliable statement on the status quo; potentials will be uncovered and the system will be further enhanced. Our independent TÜV experts with their comprehensive sector experience will always be there for you and be well informed about all the current standards.

With successful certification, you will also benefit from the TÜV trademark that has a very high awareness level on an international scale and in Germany even an awareness level of more than 98%. You can also use our recognised TÜV seal for your marketing and thus stand out from your competitors.


You can also get management system certification to the following standards, often as combined certification: