Information Security

As part of their monitoring obligations, our customers and partners regularly ask for proof of information security, for example in the form of an ISO 27001 certificate.

At present, the cost of introducing an information security management system based on ISO 27001 is not commensurate with the benefits.

In order to nevertheless meet the justified demands of our customers and our own high expectations, we have decided to implement technical and organizational measures (TOMs) on the basis of the CIS Controls.

The CIS Controls

The so-called “CIS Controls”, published by the “Center for Internet Security”, define prioritized measures to protect corporate data and relevant information from known cyber attack vectors.

The CIS Controls are publicly available, regularly updated and recognized as compatible with ISO 27001. The CIS Controls are divided into the following three categories:

    • Basic
    • Foundational
    • Organizational

The figure below provides a clear overview of the structures:

[Figure: CIS Controls and categories (CIS categories based on CIS controls)]

Transmission of our technical and organizational measures

In the context of customer projects, we will be happy to provide you with our technical and organizational measures following the conclusion of corresponding confidentiality agreements.

Further questions?

Do you have further questions about the implementation of our technical and organizational measures?

Get in touch with us!