Due to business-critical dependencies, our customer was forced to adapt its IT to international security standards. The declared target was certification according to ISO 27001 and the BSI standard. However, hardly any of the necessary conditions were met.

Preparation for ISO 27001 certification

Sector

Industry

Project sponsor

CIO / CFO

Challenge

  • No certified IT security
  • Massive pressure from customers calling for ISO 27001 certification
  • Competitive disadvantage relative to other manufacturers with ISO certification

Reasons

  • Business-critical supplier relationships with the customers (time-sensitive, IT security relevant, high financial risk)
  • Massive dependencies between the few customers of the company and the company itself
  • To date, only technical approaches to IT security and hardly any organizational aspects
  • No central IT Security Officer, hardly any suitable skills and resources in the company
  • IT regarded as a cost centre rather than as a potential competitive advantage

Vision

  • Introduction of ISO 27001-compliant structures (e.g. Information Security Management System)
  • Sustainable IT security architectures across all parts of the company and subsidiaries

Our contribution

  • Performance of security audits
  • Risk and security process analyses as well as relevant appraisals, assessments, cost-benefit analyses, etc.
  • Raising corporate management's awareness of IT security issues
  • Definition and introduction of ad-hoc measures in the IT security environment
  • Optimization and coordination of various IT security activities within the company

Results

  • Adaptation of the overall IT strategy in consideration of essential IT security requirements
  • Establishing the basis for later ISO 27001 certification, according to the BSI standard
  • Initiation and prioritization of economically reasonable and suitable security measures
  • Establishing the essential prerequisites for successful ISO 27001 certification


Managing complexity

„Priorities of Insentis are strategy development, personal coaching and targeted management of large projects in complex situations.“

Dr. Roland Schütz, EVP Information Management & CIO Deutsche Lufthansa AG, about the cooperation with Insentis GmbH (in German)

