Consulting
We support you in the implementation of your IT security and assist you with know-how and experience. Learn more…
Bring structure to your company’s information security by establishing an integrated management system in line with ISO/IEC 27001. Learn more…
Create trust and demonstrate information security with an official certificate. We guide you through the audit. Learn more…
Expand your technical and organizational know-how and create more security awareness for your employees. Learn more…
Do you have to comply with the KRITIS regulation, the IT security catalog or the basic protection of the BSI? We will be happy to advise and support you. Learn more…
If requested, we carry out internal audits at your premises or those of your suppliers. In doing so, we identify potential for improvement and provide concrete recommendations. Learn more…
“We felt we were in good hands and have continued to expand our information security step by step with results that we are proud of.”
Markus Schätzle
Chairman – Schätzle Solutions AG
Information security starts with protecting individual files and extends to securing cloud services and data centers. The ISO 27001 standard provides a framework for an information security management system. This can be applied to any size and form of organization, from one to hundreds of thousands of employees, and includes topics such as personnel security, physical and environmental security, and mobile devices, in addition to IT.
Protecting information assets has three main goals: Confidentiality of information, integrity of information and systems, and availability of information and systems. Protecting IT systems from failure and ensuring that IT systems are sufficiently resilient is fundamental to maintaining business operations and business continuity.
In the event of an increased need for protection, the establishment of an information security management system has proven its worth. Based on a risk analysis, the company’s information assets are identified and systematically protected by defining and implementing measures. It is possible to carry out an audit according to ISO 27001 and to prove to customers and clients the professional handling of your data by means of an official certificate.
Special regulations apply to companies in certain sectors (energy, information technology and telecommunications, water supply, food, finance and insurance, health, and transport and traffic): the BSI Criticality Ordinance (§ 10 BSI Act) and the IT Security Catalog in accordance with § 11 Paragraph 1a Energy Industry Act. Building on solid information security, we are happy to support you in complying with the relevant regulations.
The start of the respective consulting project is usually an inventory and an analysis of the desired target state. Often, a gap analysis is used to work out the areas for action and to develop measures for improving information security. For certification according to ISO 27001 or the IT security catalog, a short audit is a good idea. From the documentation created, the effort required until the respective certification audit can be calculated and presented. During implementation, we provide advice and support and, if desired, assist you all the way to certification.
The first step in implementation is to define the scope. This is followed by pragmatic implementation, chapter by chapter, in which the standard requirement is first considered. Then we create the necessary descriptions by adapting sample documents. In this way, a set of documents is created that is checked for conformity with the standard in the certification audit.
The first check for conformity with the standard takes place in the internal audit, which is the concrete implementation of the established audit program. However, the requirements of the respective standard are not only to be met within the company itself, but also at suppliers. This is done in the form of supplier audits. Through appointed lead auditors we can meet these requirements of the standards. Ask us about the implementation of internal or supplier audits!
Information security primarily serves to protect against dangers or threats and to prevent economic damage. We base the seminar on the requirements of your company. This includes a pragmatic approach to information security and, if required, an overview of the international ISO/IEC 27000 series and the procedure according to IT baseline protection.
Target groups
IT security managers, IT directors, security managers, network and system administrators, and interested executives
Time and again, studies show that people are the weakest point for information security. In a security awareness training, we train your employees and show how essential information security is maintained in their daily business. Dealing with passwords, e-mails, websites and the operating system on your own PC is just as much a part of this as dealing with external data carriers and possible social engineering attacks.
Target groups
All employees
The ISO 27001 basic training imparts the basic knowledge on the subject of information security management according to ISO 27001. After an overview and the joint development of the standard chapters 4-10, the measures from Annex A are discussed. The material is supplemented by practical implementation options for the measures.
Target groups
IT security managers, ISMS managers, security managers, network and system administrators, and interested executives
When operating and implementing an ISMS, internal audits must be verified in addition to the official certification every three years and the official interim audits. In the seminar you will learn not only the theoretical basics of ISO 19011, the standard for auditing management systems, but also how to proceed using practical examples. Afterwards, you will be ready to conduct your own audits precisely and document them appropriately.
Target groups
Employees with very good background knowledge in information security
“An overview of the theory and many practical applications. I could learn a lot for the implementation.”
Wolfram Wagner
CEO – Bytelancer
General IT security
Support for security issues
Pragmatic protection against threats
Establishment of an ISMS
ISO 27001 certification
BSI Basic Protection
IT Security Catalog
KRITIS Regulation
General Data Protection Regulation
Mobile Device Management
Consulting
Auditing
Implementation
Documents
Guidelines
“During the consultation we worked out step by step what to do next. I still work according to the implemented system today. The cooperation has brought me a lot and I can recommend you without reservation.”
Sascha Ballach
Power Gesund GmbH
Graduate mathematician with 15 years of experience in IT and IT security. Active throughout Germany as a consultant and auditor for TÜV. Lecturer at the MediaDesign University for Design and Computer Science.
Contact: joern.hahn@solid-point.de
Appointed lead auditor ISO 27001 and ISO 9001, consultant and trainer for the development of ISMS and QMS, TISAX auditor and consultant, auditor for critical infrastructures. IT security expert and CISO on a temporary basis.
Contact: jan.kopia@solid-point.de
Graduate in business administration with 25 years of experience in the IT and seminar industry. Expert for data security, data protection and IT security guidelines. Active as a consultant and trainer throughout Germany.
Contact: thomas.thierer@solid-point.de
Master International Economic Relations, Project Management Office, assistance and organization in consulting and certification projects for ISO 27001.
Contact: alexander.csorba@solid-point.de
Graduated electrical engineer with 12 years of experience in IT projects, accompanying the certification process and a focus on mobile device management. Trainer for applied communication and change models.
Contact: lars.judas@solid-point.de
IT project manager. Consultant, trainer and project manager for projects in the field of IT, software development and information security with a wide range of experience in the authority and startup environment.
Contact: sven.schubert@solid-point.de
Lead Auditor ISO/IEC 27001
Project coordination
Nollendorfstraße 27
10777 Berlin
or write an e-mail:
joern.hahn@solid-point.de