If only it were how easy!
Guidelines and policies are the highway code in information security. The various standards and laws such as ISO 27001, TISAX®, BSI IT-Grundschutz, KRITIS, NIS2 and others require a whole host of general as well as topic-specific guidelines.
These define and adopt the individual rules within an organisation and thus declare them to be binding. None of this works with off-the-shelf templates, because:
Benefit from our many years of expertise in setting up information security management systems (ISMS) and preparing companies of all sizes for certification. The biggest challenges that companies face:
ISO 27001 offers a lot of room for interpretation: these standards mainly describe what needs to be implemented, but do not provide any specific instructions on how this should be done. Our added value: We are ISMS auditors ourselves and know what is important. We translate unwieldy standards into concrete measures. Our aim is to define effective processes and policies while remaining pragmatic.
ISMS-Documentation
Target group 'employees'
Specific topics
Our motto for policies: The defined rules are effective (achieve the desired level of security), economical (reasonable cost-benefit ratio) and attractive (are easy to understand and fit in with the corporate culture).
An ISMS guideline is an overarching, strategic document in which the framework conditions, principles and measures for the protection of information within an organisation are defined. In addition to the why, i.e. the motivation for information security, the objective, the scope of application and the framework conditions for achieving the defined objectives (required roles and responsibilities, principles, etc.) are described.
In addition to an ISMS guideline, which normally does not define any specific requirements but merely describes the basic framework for establishing an ISMS, there are usually several guidelines on the various subject areas with specific requirements.
Templates provide a starting point by containing the essential topics required by a standard. They are then customised to the specific requirements of your company.
By customising policies, company-specific framework conditions (including the intended security level, the individual threat situation and other important factors) can be taken into account appropriately.
Thanks to our many years of experience in numerous consulting projects, we have a constantly growing pool of templates at our disposal. The policies customised by our consultants are regularly reviewed as part of audits, continuously developed and kept up to date with the latest technology.
As a security boutique, our aim is to develop effective, customised processes and guidelines. Of course, we do not constantly reinvent the wheel and draw on our set of templates for security guidelines and processes. However, in our opinion, added value is only created when the security guidelines and specifications cover the desired level of security, the cost-benefit ratio of the defined specifications is appropriate and the rules they contain are understandable for the target group. A template cannot provide this added value, which is why we rely on the expertise of our consultants.
Unfortunately, a generalised answer is not possible here. Isolated documents (e.g. information security guidelines, guidelines for information classification, risk management processes) can be created and finalised in around 5 days. For more complex topics such as a guideline on secure IT operations or a guideline on secure software development, up to 10 days. Please contact us so that we can understand your individual requirements and prepare a customised offer for you.
ISMS stands for Information Security Management System. It is a management system designed to protect the confidentiality, integrity and availability of information.
BCMS stands for Business Continuity Management System. The aim of a BCMS is to ensure the maintenance or continuation of business operations - even or especially in the event of disruptions.
A BCMS (Business Continuity Management System) focuses on reducing the probability of business interruptions on the one hand, but also on being able to continue operating time-critical business processes and workflows in the event of disruptions on the other. An ISMS focusses on the availability, confidentiality and integrity of (electronic, but also physical) information.
The ISMS guideline is the overarching document that describes the scope of the ISMS, its objectives and the underlying strategy.
An ISMS is an umbrella term for all processes, procedures and responsibilities for ensuring the confidentiality, availability and integrity of information. This includes the following components:
Some companies are legally obliged to set up an ISMS and regularly demonstrate its effectiveness. These include, for example, operators of critical infrastructures (KRITIS) and companies in the aviation security sector. More and more customers expect their partners or service providers to establish an ISMS to ensure security along the value chain.
With over 50 highly qualified cyber security experts and more than 20 years of experience, we support 500+ satisfied customers - including 50% of DAX companies and hundreds of medium-sized companies.
In addition, we have already sensitised over 1 million employees, managers, administrators and developers with our awareness training courses.
We are convinced that the values of our society must also be protected in cyberspace. That is why we help organisations to protect themselves with the right combination of technologies, processes and people.
In concrete terms, this means
In all of this, we take the approach of transferring successful cyber security strategies from corporate groups to SMEs with a sense of proportion and pragmatism, using high-quality best practices and standards.
In short: we see ourselves as a "boutique" and deliver class instead of mass.
Convinced? Let's tackle it together!