ISO/IEC 27001 - Information security management system

TÜV PROFiCERT information security management system

An information security management system (ISMS) structured in accordance with ISO/IEC 27001 forms the basis for containing identified threats to information security.
With ISO/IEC 27001 certification issued by TÜV Hessen, you can demonstrate the security and quality of your business processes to your customers and partners.

In addition, certification brings you a range of further benefits first-hand:

  • Company-wide risk management
  • Fulfillment of internationally recognized requirements
  • High degree of transparency and confidence − for customers and partners
  • First-class marketing tool which distinguishes you clearly from your competitors
  • Proof of the organization's dependability for legislators, customers, partners, insurance companies and suppliers
  • Efficient monitoring and continuous improvement of information security
  • Appropriate and permanent guarantee of availability, confidentiality and integrity of company-relevant information
  • Holistic awareness with regard to the protection of all information, irrespective of how it is depicted and/or stored
  • Relief of management through meeting due diligence requirements
  • Reduction of liability risks, including by shifting the burden of proof where applicable
  • Compliance, e.g. with data privacy protection regulations

About the standard

ISO/IEC 27001 covers the following topic areas:

  • Risk management
  • Security policy
  • Organization of security
  • Classification and control of corporate assets
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • System development and maintenance
  • Incident management
  • Business continuity management
  • Compliance with obligations (statutory and customer-specific)

Requirements for certification

  • Asset definition/security policy
  • Definition of the scope of the ISMS, its procedures and its measures
  • Documentation of a systematic risk analysis
  • Statement of Applicability (explanation of which ISO/IEC 27001 controls apply)

Following a positive certification decision, a certificate valid for 3 years is issued. During these 3 years, two surveillance audits take place at scheduled intervals. They include sample-based testing of the application and effectiveness of the ISMS.

Would you like to know more?
Contact us by e-mail or phone: +49 6151 600-331
