
Information Security Management & Business Continuity

With our certified consultants we act as auditors in the context of certifying your ISMS, DSMS, IDSMS or BCMS, and we also support you in implementing such a management system. Furthermore, we prepare you for and accompany you during external audits according to compliance standards such as ISO 27001, BSI IT-Grundschutz, EU-DSGVO, PCI-DSS, PSD2, BaFin (BAIT, ZAIT, MaRisk), KRITIS/B3S, TISAX, SOC 2 and HIPAA.

Information Security Management System (ISMS)

An information security management system (ISMS) is a "management system for information security" that regulates, controls, monitors and improves measures, processes and guidelines with the aim of meeting the information security objectives of confidentiality, integrity and availability. An information security and data protection management system (IDSMS) combines data protection and IT security so that synergies between the two can be exploited.

Without knowing which assets and processes need to be protected, which compliance guidelines are important, and what maximum downtime is tolerable for which systems, protective measures are often chosen intuitively, applied incorrectly and not prioritized correctly. Our consultants, as certified ISO 27001 lead auditors and certified data protection officers (IHK), support you in the following areas:

  • Implementation and auditing of the Information Security Management System (ISMS) according to international and national norms as well as compliance standards
  • Our certified ISO 27001 Lead Auditors accompany you during a certification according to ISO 27001
  • Establishing compliance with relevant standards and requirements
  • We create and optimize processes for risk assessment and management on the basis of asset- or process-based analyses and thus address your individual organization
  • In the course of workshops, interviews, document reviews and technical spot checks, we conduct gap analyses against the above standards to determine the maturity level, identify key findings, and derive quick wins and prioritized measures
  • In the context of supplier relationship security, we review SLAs, TOMs and information security requirements such as ISMS, hosting and application security

Information Security and Data Protection Management System

When developing an information security and data protection management system, we follow the ISDMS cycle developed at Insentis, which has proven itself many times over and has been repeatedly refined in the course of numerous projects, and we use a process model based on the Plan-Do-Check-Act (PDCA) model.

ISDMS Cycle (figure)

Information Security Maturity Assessment

The information security maturity assessment begins with a review of the customer's ISMS-relevant documents and a preliminary assessment in accordance with recognized standards such as ISO 27001, B3S, BAIT, BSI IT-Grundschutz or TISAX.

In order to obtain the broadest possible picture of the current state of information security in the company, an audit of the ISMS based on interviews and random checks is then carried out.

In the course of a one-day workshop with the customer's stakeholders relevant to IT security, a strong focus is placed on the organizational and process measures of the information security management system (ISMS) in addition to the most important aspects of the technical security measures:

ISMS Quick Check (figure)

The documented results of the quick check serve as the basis for deriving prioritized technical, organizational and process-related measures with the aim of progressively raising the IT security status to an appropriate level and ensuring compliance of the ISMS in accordance with common standards such as ISO 27001 and BSI IT-Grundschutz.

Interim ISO / CISO

Insentis provides an external Information Security Officer (ISO) or Chief Information Security Officer (CISO) as full-time or part-time support to maintain compliance and improve data protection and information security.

The skills required of a CISO range from technical to organizational expertise such as risk management, compliance and leadership.

We offer the provision of a certified ISO/CISO with all the required skills. An Information Security Officer is responsible for all issues related to information security in the institution. His or her responsibilities include:

  • Control and coordinate the security process
  • Support the management in the creation of the security policy
  • Coordinate the creation of the security concept and associated sub-concepts and guidelines
  • Prepare implementation plans for security measures and initiate and review their implementation
  • Report on the status of information security to management and other security officers
  • Coordinate security-related projects
  • Investigate security incidents
  • Initiate and coordinate information security awareness and training sessions
  • Implement and maintain an ISMS (Information Security Management System)

Business Continuity Management (BCM)

We develop an individual Business Continuity Management System for you based on ISO 22301 and BSI 100-4 Emergency Management, and embed it into your existing ISMS, e.g. one according to ISO 27001. We also check and test your existing system by means of an internal review or as part of a crisis exercise.

  • Development of a Business Continuity Management System (BCMS) based on ISO 22301
  • Development of a disaster recovery plan (DRP)
  • Conducting crisis exercises to review and improve the BCMS, DRP and crisis communication in the organization
  • Classification of threat scenarios and development of associated escalation measures
  • Creation of checklists
  • Awareness scenarios and training

Advantages of BCMS

A BCMS and a DRP help you to remain capable of acting in various crisis scenarios, to safeguard your company's existence and to act effectively and efficiently. Through their structured and holistic approach, they secure the operation of your core processes.

Through their structured and holistic approach, BCM and DRP offer many benefits to companies potentially facing disruptions to their operations. These benefits are wide-ranging and include (in no particular order):

  • Reduction of downtime and recovery times for processes and applications in the event of disruptions or crises
  • Structured approach and clear communication channels in case of incidents
  • Clear responsibilities and competencies
  • Holistic risk assessment in the business context and its mitigation
  • Structured involvement of top management
  • Meeting compliance requirements, e.g. KRITIS or ISO 27001:2013
  • Increased stability of business processes through fault tolerance
  • Increased trust of your customers through verifiable data and process security

Implementation using the BCMS Cycle

By using our BCMS cycle, we ensure the implementation of a risk-oriented BCMS to secure your business-critical processes:

BCM Cycle (figure)

Data Loss Prevention

Data Loss Prevention (DLP) protects against the unwanted outflow of critical data. To use DLP sensibly, you first need a correct data classification and a holistic concept so that all measures are established sensibly and also enforced organizationally, because a policy alone is usually not enough. We support you here, both with technical measures such as the encryption of external storage media, the protection of mobile workstations or the blocking of undesired cloud services, and in developing an overall concept that is individually tailored to your needs.

  • Design and implementation of a DLP
  • Data classification
  • Requirements for handling privacy classes
  • Securing intellectual property
  • Measures to prevent shadow IT
