In a corporate context, information security covers the technical, organisational and process-related measures used to handle a worst-case scenario. These measures – known as ‘controls’ – are defined by ISO 27001. Companies pass an ISO 27001 audit only if their controls comply with the standard – as is the case with Monday Consulting. So what’s in it for you, as our customer? Read on to find out more.
Published by the International Organization for Standardization (ISO), ISO 27001 is the most recognisable standard for information security worldwide. The standard defines basic safeguards for protecting company and customer data. One of the issues it addresses is the prevention of IT security incidents at a company.
In a business, information security includes not only protection against cyberattacks or data leaks, for example, but also the handling of security incidents and legal issues, as well as human resource and operational security. In accordance with the ISO 27001 standard, we used an iterative approach to set up an information security management system (ISMS), developed this in a continuous improvement process (PDCA cycle) and then commissioned experts from TÜV NORD to perform an ISO 27001 audit. Our ISO 27001 status is regularly recertified and renewed.
ISO 27001 focuses on protecting the confidentiality, integrity and availability of the information held and used by a company. The first step in the process is to identify the potential risks that could arise in connection with this information. The next task is then to define the specific actions that can be taken to avoid, mitigate and handle these risks. Good security is, after all, a question of preparedness.
The security measures to be taken comprise internal policies and procedures as well as details of the necessary technical implementations (which may involve regular backups, a firewall or the use of antivirus software, for example). Organisational rules are also introduced with the aim of closing any security holes. All of these elements make up the ingredients for an information security management system – with the recipe being provided by ISO 27001.
Information security doesn’t just protect against economic loss but also works to create trust and build customer confidence in a company. Monday’s ISO 27001-certified ISMS protects us and our customers alike from cyberattacks and other IT security incidents, and safeguards the integrity of all our systems. Our certification means we can guarantee our customers first-class information security with a minimal risk of financial loss or a loss of trust.
Our Information Security Officer Christian Bockrath will be happy to answer any questions you may have about the topic of information security at Monday Consulting.