Michael Döhmen and a representative from TÜV Rheinland hold up the suresecure ISO certificate.

Strategic management of IT security

Structure & implementation of an ISMS

An ISMS secures a company's information assets and creates sustainable structures for greater resilience through processes, measures and continuous improvement. We support you as a partner in the systematic development and successful implementation of an ISMS in accordance with ISO/IEC 27001. One key to success is internal communication: because the entire company must be involved, the buy-in of all employees is crucial for building a holistic security organisation.

Personal

In my experience, effective security always starts with leadership. Responsibilities, decision-making channels and escalation criteria must be clearly and bindingly regulated, because only on this basis can operational measures take effect. The ability to act arises from a clearly defined time frame with concrete objectives.

Erik Krüger

Information Security Officer | Governance, Risk & Compliance Consultant

basis for information security

Establish controlled security management

An ISMS (Information Security Management System) is the foundation for managing information security in your company in a sustainable and traceable manner. Alignment with recognised standards such as ISO/IEC 27001 creates transparency, minimises risk and provides legal certainty, both for management and in day-to-day operations.

management summary

Transparency and continuous improvement

With a structured ISMS in accordance with ISO/IEC 27001, you get robust processes, clear responsibilities and centralised documentation for all security-related topics.

The result: greater transparency, minimised risks and a demonstrably enhanced security culture, now and in the future.

The introduction of an ISMS takes

ISMS introduction is a longer process

1. Project preparation

  • Analysis of security level, objectives and organisation
  • Joint definition of the project scope

2. Document review

  • Review and supplement existing ISMS documents
  • Development of a centralised list of measures

3. Structure of document master

  • Creation of all necessary ISMS documents
  • Selection of suitable guidelines and processes

4. Gap analysis

  • Comparison with corporate reality
  • Derivation of further possible measures

5. Action management

  • Centralised control of all tasks
  • Continuous tracking and progress monitoring

6. Quality assurance & finalisation

  • Transfer of all results to the organisation
  • Final presentation and handover

ISMS and NIS 2 on the home straight: The endurance sport of information security

We discussed the entire path of an ISMS project in the episode "ISMS and NIS2 on the home straight: Endurance sport of information security". Michael talks to Erik Krüger, Information Security Officer and Consultant at suresecure, about why security is not a sprint, but a long-term training process. Instead of quick wins, it takes strategy, discipline and the right rhythm. Erik explains how companies with a functioning ISMS already fulfil most of the NIS 2 requirements, what really matters during implementation and why motivation and communication are crucial for success.

Your contact person

Jannik Lindemann

Account Executive