DE|EN
LEITWERK Consulting as IT project management consultancy for IT security and ISO 27001

Information security (ISO 27001 & TISAX)

Information security is often abstract. Controlling and managing risks can be a complex endeavour. We develop customised solutions and want our customers to fully understand our measures for ensuring information security and be able to use them in their day-to-day business.

The value of information is often underestimated in companies. At the same time, information security is often reduced to pure information technology (IT security) instead of including every type of information, whether in electronic form, printed on paper or as a spoken word.

An information security system (ISMS) in accordance with ISO 27001 defines procedures, rules and tools with which information security can be controlled, monitored, ensured and continuously optimised - in short: with the help of an ISMS, the protection of information can become an integral part of your company processes.

Contact us!

Our performance promise

  • //

    An up-to-date overview of your process and IT landscape forms the basis for understanding where you stand and which strategic and sensible steps need to be taken for a functioning ISMS.

  • //

    We support you in introducing the necessary processes, organisational structure and legally required documentation for an information security management system (ISMS) in accordance with ISO 27001.

  • //

    Our expertise in information technology as well as project and process management - combined with the relevant industry experience of our consultants - make LEITWERK a strong partner for ISMS projects.

The security of your information is a key factor in your business success. We provide a customised information security management system
Lilian Stecher
Senior Consultant

Our approach
The building blocks for the introduction of an information security system (ISMS)

1. Phase 06

ISMS intensive workshop

  • ISMS intensive workshop

    Scope, asset, hazard ... Do you know the text of the standard and how to categorise the terms? The confusion is great. What is behind it, what exactly is to be done and, above all, how?

    A basic understanding of the topic and the relevant terminology is essential. In a half-day workshop, the project team members involved receive the basic ISMS knowledge on ISO/IEC 27001. Dealing with the standard is essential, as the ISMS developed can only have a lasting effect if it is understood by everyone involved.

  • GAP analysis & action plan

    A gap analysis is used to compare the existing processes, documents and activities with the requirements of ISO 27001 and identify existing gaps. The measures required to fulfil the standard are then derived and an action plan is drawn up with the dedicated contact persons.

  • Processes & guidelines

    Your business processes are elementary components of an effective ISMS and are designed and documented in compliance with standards through skilful adaptation. In addition to processes and measures, adopted guidelines must also be documented. We provide a set of templates for the documentation framework required by ISO 27001. Based on these templates, the appropriate standard-compliant documentation is created for your company, including the guideline for information security, asset inventory and the necessary risk management.

  • Risk management

    For a risk-based ISMS, it is important to organise it as part of the company's internal processes and integrate it into the top management's corporate governance. Building on existing processes where possible, we identify your company assets that need to be protected. Threats and vulnerabilities are assessed and potential impacts and probabilities of occurrence are defined. Finally, by identifying measures to reduce risk, we establish an asset, risk and measures management system that must be continuously controlled in accordance with the defined specifications.

  • Team training

    To ensure information security, your employees need to know how to behave. To this end, we organise information and training events to convey the content of the (newly) developed processes, documents and requirements of the ISMS.

  • Internal audit / readiness assessment

    After the implementation phase, an internal audit is carried out to evaluate the effectiveness of the implemented measures. This involves checking the documentation of your ISMS as well as its implementation and effectiveness in practice. The results can also be used for management reporting.

Project examples

Implementation of an ISMS in accordance with ISO 27001 in the area of service provision

Scope of commission

Our client urgently needed support to provide proof of existing information security and to ensure a sustainable build-up of expertise in this area. As part of the assignment, two experienced LEITWERK consultants supported the client's 7-person team.

Initial situation

Many companies require proof of information security in the form of an ISO 27001 certificate to protect the information they use and the services they provide. For this reason, a project for the implementation of an ISMS was initiated on the basis of the company's specifications, with which it will also be possible to react quickly and flexibly to changing security requirements in the future.

Solution approach

In the first step, all existing documentation, processes and tools were intensively screened using a GAP analysis. This step also included a structural analysis as well as initial modelling and basic security checks. We then focussed on designing an ISMS (Information Security Management System) and determining the protection requirements. Throughout the project, employee empowerment was considered an essential component. In particular, this included teaching communication skills in order to involve all stakeholders at an early stage in the future.

Results

The targeted combination of project, process management and IT expertise led to the successful DIN ISO 27001 certification of the ISMS that was introduced. Standardised security processes also make it possible to react flexibly to all security-relevant events. All stakeholders are aware of the importance of the ISMS and information security has been anchored in the company's objectives as an important building block for the future.

Your advantages
...if you decide in favour of an ISMS according to ISO 27001 or TISAX with LEITWERK

  • Icon: Holistic approach

    Holistic approach

    Holistic approach that combines technical security mechanisms with organisational measures, making security an integral part of business processes. Our experience ensures that your ISMS is geared towards your business processes.

  • Icon ISMS as a competitive factor

    ISMS as a competitive factor

    Ensuring compliance with legal and contractual requirements promotes a positive internal and external image.

  • Icon Structure

    Structure

    With the help of an ISMS, we take a look at the current security level of IT systems and business processes. We uncover weak points, provide tips on how to close gaps and train your employees in handling sensitive data.

  • Icon Basis for decisions on the use of funds

    Basis for decisions on the use of funds

    The results of the risk assessment can be used as a basis for decision-making. In this way, the actual investment requirements can be determined and incorrect use of funds can be avoided.

  • Icon Transparency about IT systems and risks

    Transparency about IT systems and risks

    By setting up an ISMS, you gain transparency about your IT system network, the company processes and the resulting risks. An ISMS provides the framework for consciously dealing with risks and implementation strategies for reducing your risk potential.

  • Icon Security awareness throughout the organisation

    Security awareness throughout the organisation

    By establishing an ISMS, a generally increased and regular security awareness is achieved throughout the entire organisation.

Interested? We would be happy to send you detailed information about our solution.
Contact us!
Sebastian Linder - LEITWERK Consulting
Your contact person
Sebastian Linder
+49 89 189 235 96
sebastian.linder@leitwerk-consulting.com
...or write us via our contact form
Contact us!

More from LEITWERK
You coud also be interested in this

  • Icon Change management

    Change management

    Learn more
  • Icon integrated management systems

    Establishment and further development of integrated management systems

    Learn more
Search