Aug 4, 2020 - Company announcement
When the auditor itself is certified
Consist obtains ISO/IEC certification
ISO 27001 is the leading international standard for evaluating the security of information and IT environments. On July 15th, 2020 Consist Software Solutions GmbH received recognition for its long-standing expertise in this field with the awarding of the certification.
Kiel - The key prerequisite for certification according to ISO 27001 is the introduction of an information security management system (ISMS). The requirements for its implementation and documentation are contained in ISO 27001. The ISMS auditors at Consist advise other companies nationwide, not only on how to meet these requirements, but also on how to optimize the associated processes. Now, the IT service provider from Kiel has taken the time to obtain certification itself.
Thanks to the expertise of the information security team, who supported the certification by one of the largest auditors, DQS GmbH, the entire auditing process was gratifyingly quick, even though Part 1 of the audit took place during the most restrictive phase of the coronavirus regulations. Thus, Consist was one of the first companies in which a fully remote audit was carried out. For DQS as the certifier, this meant considerable additional effort in advance so that such a procedure could be approved by the Deutsche Akkreditierungsstelle (DAkkS) accreditation body.
If the total economic lockdown had continued, Consist would also have been ready for the final second audit to be carried out on a virtual basis. However, it was possible to carry out this audit on site.
Throughout the whole process, it was certainly helpful that the Consist team has expertise in the successful implementation of ISO 27001 and itself supports ISMS projects, because this ISO standard is worded very generically and tends to provide guidelines of a more fundamental nature, such as "the organization’s management must understand its organization". Therefore, some companies use ISO 27001 certification on the basis of the German IT-Grundschutz (IT baseline protection) to obtain firm guidelines for the individual measures to be implemented. Although such granularity along the lines of the BSI IT-Grundschutz Compendium was not necessary in the case of a specialist like Consist, under certain circumstances it may be useful for other larger companies, particularly if they initially want to gain a detailed overview of the status quo regarding the current implementation.