ISO 27001
Bring structure to your company’s information security by setting up an integrated management system in accordance with ISO/IEC 27001.
certification
Training
Expand your technical and organizational know-how and create more security awareness among your employees.
Legal requirements
Do you have to comply with the KRITIS regulation, the IT security catalog or the BSI’s basic protection? We are happy to advise and support you.
Audit
On request, we can carry out internal audits for you, at your premises or those of your suppliers. We identify potential for improvement and provide concrete recommendations.
“We felt we were in good hands and have continued to expand our information security step by step. With a result that we are proud of.”
Markus Schätzle
Chairman – Schätzle Solutions AG
IT Security – Know-how Germany-wide
Information security starts with protecting individual files and extends to securing cloud services and data centers. As a standard, ISO 27001 provides a framework for an information security management system. This can be applied to any size and shape of organization, from one to hundreds of thousands of employees, and covers not only IT but also topics such as personnel security, physical and environmental security and mobile devices.
The protection of information assets has three main objectives: The confidentiality of information, the integrity of information and systems, and the availability of information and systems. The protection of IT systems against failure and the sufficient resilience of IT systems are fundamental to maintaining business operations and business continuity.
Where there is an increased need for protection, the establishment of an information security management system has proven its worth. Based on a risk analysis, the company’s information assets are identified and systematically protected by defining and implementing measures. It is possible to carry out an audit in accordance with ISO 27001 and prove to customers and clients that your data is handled professionally by means of an official certificate.
Special regulations apply to companies in certain sectors (energy, information technology and telecommunications, water supply, food, finance and insurance, healthcare, transport and traffic): the BSI KRITIS Regulation pursuant to Section 10 of the BSI Act and the IT security catalog pursuant to Section 11 (1a) of the Energy Industry Act. Building on solid information security, we are happy to support you in complying with the relevant regulations.
OUR SERVICES
Consulting
A consulting project usually starts with an inventory and an analysis of the desired target state. Often, a gap analysis is used to work out the areas for action and to develop measures for improving information security. For certification according to ISO 27001 or the IT security catalog, a short audit is a good idea. From the documentation created, the effort required up to the respective certification audit can be calculated and presented. During implementation, we provide advice and support and, if desired, assist you all the way to certification.
Support
The first step in implementation is to define the scope. This is followed by pragmatic implementation, chapter by chapter, in which the standard requirement is first considered. Then we create the necessary descriptions by adapting sample documents. In this way, a set of documents is created that is checked for conformity with the standard in the certification audit.
Audits
The first check for conformity with the standard takes place in the internal audit, which is the concrete implementation of the established audit program. However, the requirements of the respective standard are not only to be met within the company itself, but also at suppliers. This is done in the form of supplier audits. Through appointed lead auditors we can meet these requirements of the standards. Ask us about the implementation of internal or supplier audits!
SEMINARS AND WORKSHOPS
Information Security Foundations
Information security primarily serves to protect against dangers and threats and to prevent economic damage. We base the seminar on the requirements of your company. This includes a pragmatic approach to information security and, if required, an overview of the international ISO/IEC 27000 series and the procedure according to IT baseline protection.
Target groups – IT security officers, IT managers, security managers, network and system administrators, and interested managers
ISO/IEC 27001 Foundations
The ISO 27001 basic training provides basic knowledge on the subject of information security management in accordance with ISO 27001. After an overview and working through chapters 4-10 of the standard together, the measures from Annex A are discussed. The material is supplemented by practical ways of implementing the measures.
Target groups – IT security managers, ISMS managers, security managers, network and system administrators, and interested managers
Security Awareness Training
Time and again, studies show that people are the biggest weak point in information security. In a security awareness training course, we train your employees and show them how to maintain essential information security in their daily business. This includes dealing with passwords, e-mails, websites and the operating system on your own PC as well as handling external data carriers and possible social engineering attacks.
Target groups – All employees
Auditor training
In addition to the official certification every three years and the official interim audits, internal audits must also be verified when operating and implementing an ISMS. In addition to the theoretical basics of ISO 19011, the standard for auditing management systems, you will learn how to proceed using practical examples and will then be prepared to carry out your own audits precisely and document them appropriately.
Target groups – Employees with very good background knowledge in information security
“An overview of the theory and many practical applications. I was able to take a lot away with me for the implementation.”
Wolfram Wagner
CEO – Bytelancer
SUPPORT FROM A PRO
General IT security
Consulting
“During the consultation, we worked out step by step what to do next. I still work according to the introduced system today. The collaboration was very beneficial to me and I can recommend you without reservation.”
Sascha Ballach
Power Gesund GmbH
OUR TEAM
Jörn Hahn
Graduate mathematician with 15 years of experience in IT and IT security. Active throughout Germany as a consultant and auditor for TÜV. Lecturer at the MediaDesign University for Design and Computer Science.
Contact: joern.hahn@solid-point.de
Dr. Jan Kopia
Consultant, auditor and trainer in the field of information security, ISO 27001 and ISO 9001. Auditor for Critical Infrastructures with versatile experience in startups, SMEs and public authorities.
Contact: jan.kopia@solid-point.de
Alexander Csorba
Master International Economic Relations,
Project Management Office, assistance and organization in consulting and certification projects for ISO 27001.
Contact: alexander.csorba@solid-point.de
Sven Schubert
IT Project Manager
Consultant, trainer and project manager for IT, software development and information security projects with extensive experience in the government and start-up environment.
Contact: sven.schubert@solid-point.de
Dr. Felix Claus
Consultant and trainer
Consultant, trainer and expert for online courses in the field of IT and communication.
Contact: felix.claus@solid-point.de
CONTACT
Call us directly:
Jörn Hahn
Lead Auditor ISO/IEC 27001
Project coordination
+49 30 577 111 34
Nollendorfstraße 27
10777 Berlin
or send us an e-mail:
joern.hahn@solid-point.de