ISO 27001

SOLUTIONS CRAFTED TO MEET REGULATORY COMPLIANCE

ISO 27001 is an international standard published by the International Standardization Organization – ISO. It describes how to implement, manage and improve IT security and how to establish an information security management system in your company.

The standard helps you implement suitable security mechanisms to reduce cyber threats and the risk of data theft or breaches. The main objective is to protect the confidentiality, integrity and availability of information, business processes and IT systems.

 

 

Never heard of it? We are here to assist. With our Private Cloud Infrastructure, Security add-ons and Communication Solutions we implement all measures to fulfill the requirements to get your ISO 27001 certificate.

 

Here’s an excerpt of what we recommend:

REQUIREMENT

SOLUTION

EXPLANATION

A.6.2.1 Mobile device policy

Configure and secure mobile devices through profile management and access control.

A.6.2.2 Remote Working

Secure remote working from anywhere: strict transport security (HSTS) for secure communication with your servers from anywhere in the world, and integration of end-to-end security and compliance mechanisms for secure remote access.

A.7.2.2 Information security awareness, education & training

Employees receive appropriate awareness education and training so they can do their jobs securely with regard to data security and cyber threats.

A.8.1.1 Inventory of assets

All assets (hardware, software, information, among others) must be identified and managed over their lifecycle, which includes creation, processing, storage, transmission, detection and destruction.

A.9.2 Access control

Limit and control access to information and systems: access rights and restrictions, role-based access including removal and adjustment of rights. Next Generation Firewall configuration by INGOS experts, network segmentation. Multifactor authentication with a role-based password manager for secure access to systems and applications, role-based access management.

A.9.2.1 User Registration, A.9.2.5 Review of user access Rights, A.9.4.2 Secure Log-on procedures

Implementation of a formal user registration and deregistration process. Reporting of policy changes to review user access rights. Controlled access by secure log-on procedure.

A.11 Physical and environmental security

Ensures secure physical and environmental areas to prevent unauthorized physical access, damage and interference, as our infrastructure is located in an ISO 27001 certified datacenter in Bavaria, Germany.

A.12.2.1 Controls against Malware

Prevents cyber attacks such as phishing and malware. Protects against software vulnerabilities and zero-day threats.

A.12.3.1 Information Backup

Protects against loss of data and ensures business continuity. Backup strategy in a physically separated datacenter.

A.12.4.1 Event Logging, A.12.4.2 Protection of Log Info, A.12.4.3 Administrator logs

Record of user activities, logging of admin activities, protection of logs and review for traceability.

A.13.1 Network security

Connection control and endpoint verification, VLAN segregation, next gen Firewall configuration with intrusion detection and prevention systems.

A.13.2 Information transfer

Maintains secure data transfer and safe communication with your organization and with any external entity, and protects against unauthorized access.

and more...

By implementing our solutions in your IT security strategy, you obtain a high level of security, reduce the risk of cyberattacks and benefit from increased customer confidence. The measures are based on IT-Grundschutz, a systematic basis for information security developed by the Federal Office for Information Security.

CONTACT US

AND TAKE YOUR BUSINESS TO THE NEXT LEVEL
