Information Security Management
Our certified consultants act as auditors in the certification of your ISMS, DSMS, IDSMS or BCMS, and also support you in implementing such a management system. Furthermore, we prepare you for and accompany you during external audits against compliance standards such as ISO 27001, BSI IT-Grundschutz, EU-DSGVO (GDPR), PCI DSS, PSD2, BaFin requirements (BAIT, ZAIT, MaRisk), KRITIS/B3S, TISAX, SOC 2 and HIPAA.
Information Security Management System (ISMS)
An information security management system (ISMS) is a management system for information security: it defines, controls, monitors and continually improves the measures, processes and policies needed to meet the information security objectives of confidentiality, integrity and availability. An information security and data protection management system (IDSMS) combines data protection and information security in one system so that their overlapping requirements can be handled together.
Without knowing which assets and processes need to be protected, which compliance requirements apply, and what maximum downtime is tolerable for which systems, protective measures are often chosen intuitively, applied incorrectly and prioritized poorly. Our consultants, certified ISO 27001 lead auditors and certified data protection officers (IHK), support you with the following tasks:
- Implementation and auditing of an information security management system (ISMS) according to international and national norms and compliance standards.
- Accompanying you through certification according to ISO 27001 with our certified ISO 27001 lead auditors.
- Establishing compliance with the relevant standards and requirements.
- Creating and optimizing processes for risk assessment and risk treatment on the basis of asset- or process-based analyses, tailored to your organization.
- Conducting gap analyses against the above standards through workshops, interviews, document reviews and technical spot checks, in order to determine the maturity level, identify key findings, and derive quick wins and prioritized measures.
- In supplier relationship security, reviewing SLAs, technical and organizational measures (TOMs) and information security requirements such as ISMS, hosting and application security.
Information Security and Data Protection Management System
When developing an information security and data protection management system, we follow the IDSMS cycle developed at Insentis, which has been applied and refined over numerous projects, and use a process model based on the Plan-Do-Check-Act (PDCA) cycle.
Information Security Maturity Assessment
The information security maturity assessment begins with a review of the customer's ISMS-relevant documents and a preliminary assessment against recognized standards such as ISO 27001, B3S, BAIT, BSI IT-Grundschutz or TISAX.
To obtain the broadest possible picture of the current state of information security in the company, an audit of the ISMS based on interviews and spot checks is then carried out.
In a one-day workshop with the customer's stakeholders relevant to IT security, the focus is on the organizational and process-related measures of the ISMS as well as on the most important technical security measures.
Third Party Risk & Supplier Management
In an increasingly interconnected and globalized business world, collaboration with external service providers and suppliers is essential. However, involving third parties also brings significant risks that can affect both information security and regulatory compliance. Third party risk and supplier management is key to identifying, assessing and mitigating these risks. Effective supplier management ensures that your business processes not only run smoothly but are also protected in the long term.
Our Offering: Tailored Solutions for Your Supplier Management
We offer a managed service specifically designed for supplier management and third party risk management. It combines our consultants' expertise with tooling, in particular the Security Scorecard service, so that you can continuously assess the risks associated with your suppliers.
Approach:
- Supplier management workshop to analyze the current situation: We organize a workshop to assess the current state of your supplier relationships. Together with you, we analyze the relevant processes in your company, identify existing risks and weaknesses, and lay the foundation for effective risk management.
- Development of an implementation concept for supplier risk management: Based on the insights gained, we develop a customized concept for comprehensive supplier risk management. We use Security Scorecard to continuously evaluate the security posture of your suppliers. In addition, we plan and create specific questionnaires as a method of risk analysis, applied in three phases: before contract conclusion, at contract conclusion, and after contract conclusion (retest).
- Implementation of the concept: We create the questionnaires, including general questionnaires, SaaS-specific questionnaires, and hosting and operations questionnaires, in English. We take your individual requirements and policies into account so that the questionnaires integrate into your existing company processes. We also support you in drafting contract templates that incorporate the necessary clauses for third-party providers.
With our managed service and the use of Security Scorecard, you maintain a clear overview of your suppliers' risks at all times. This allows you to take measures proactively to mitigate risks and to keep your supply chains robust and resilient against potential threats.
Cyber Insurance
Cyber insurance is a type of insurance that protects companies, self-employed individuals, and even private individuals from the financial consequences of internet-based attacks. It not only covers cybercrime but also damages that may arise from other IT security incidents. Cyber insurance complements information security management by transferring residual financial risk: it can mitigate the risk of financial losses, liability claims, business interruptions, or reputational damage, but it does not replace technical and organizational measures, and coverage depends on the policy's exclusions and conditions.
We offer our assistance in selecting and securing the right cyber insurance for you. We analyze your individual needs and risks and compare different offers and rates on your behalf. We advise you on the coverage and exclusions of cyber insurance and support you in the event of a claim. With our help, you can protect yourself effectively against the financial consequences of threats from the internet.
Provision of External CISO/CISO as a Service
Our CISOs, certified to ISO 27001, bring a wide range of skills, from technical expertise to organizational knowledge in risk management, compliance and leadership. Their responsibilities include:
- Implementation and maintenance of ISMS (Information Security Management System)
- Assistance and support during audits (e.g., ISO 27001, BaFin, TISAX, B3S)
- Coordination of the development of security concepts, policies, and their implementation
- Initiation and monitoring of security measures
- Reporting on the status of information security to executive management and security officers
- Coordination of security-related projects and investigation of security incidents
- Initiation and coordination of information security training programs
Provision of External DPO: Implementation of DSMS
We also offer the provision of certified Data Protection Officers (DPOs) with extensive expertise, particularly in compliance with the EU GDPR. The main tasks of the DPO include:
- Setting up a Data Protection Management System (DSMS) and integrating it into the Information Security Management System (ISMS) to form a comprehensive Information Security and Data Protection Management System (IDSMS) that ensures and manages EU GDPR compliance
- Conducting GDPR compliance checks for:
  - company-wide processes and technical and organizational measures (TOMs)
  - individual projects and applications
  - websites
  - apps
- Raising awareness of data protection obligations and monitoring compliance
- Development and implementation of data protection measures
- Acting as the point of contact for supervisory authorities and data subjects
- Creation and management of a record of processing activities
- Advising and supporting on Data Protection Impact Assessments (DPIAs) according to Article 35 GDPR
- Supporting management, employees, and departments in handling personal data
- Training employees on the handling of personal data
In addition, we offer coaching for your DPO, CISO or Chief Data Protection Officer (CDPO) to help them achieve their goals effectively. We have the experience, technical skills and certifications needed to provide this service.
See also: Business Continuity Management
