Why is ISO 27001 so important for AUCOTEC?
Quite simply: It is an important milestone in our efforts to continuously ensure the highest standards in information security and data protection. And information security is an extremely important topic, especially in a software company like ours that also operates globally.
You also have to keep in mind: In Germany and Europe in general we have a strong technical and legal standard that offers a high level of security. Our customers and partners around the world rely on these security measures.
How did you go about the certification process?
We analyzed all information processing processes in all departments of our company in detail and identified all critical points. We did this systematically and in a risk-oriented manner and took additional measures in all relevant areas where necessary. At the same time, we have designed our own information security management system (ISMS).
Why is such an ISMS necessary?
An effective information security management system (ISMS) offers us the opportunity to eliminate weak spots within our structures and significantly reduce security risks. The ISO 27001 standard specifies how to develop, implement, operate, monitor and continuously improve an ISMS.
What advantages does the certificate have for our customers – and us?
The basis of good business relationships is trust. The ISO 27001 certificate is a kind of seal of approval. It underlines: Our customers can rely on us to take the issue seriously and protect their confidential data.
In addition, more and more customers require this standard, which most companies in our industry and of our size simply do not have. ISO 27001 is considered the “premier class” among internationally recognized standards and is one of the most complex of its kind. Currently only around 1,600 valid certificates have been issued in Germany. We have one of these.
The certificate has to be confirmed again and again, right?
Absolutely. This certificate is also a kind of driving license. That means: you can also lose it. The certificate is initially only valid for three years. It is continually checked and re-certified. So there’s no such thing as standing still!
We deal with information and data security every day and continually improve ourselves.
And we shouldn't forget: We are the manufacturer of – at least partially – process-critical software or a central component in an often complex system. ISO certification is particularly crucial for customers with critical infrastructure such as municipal stations or substations. We therefore have to act at a high level here. The standard is an important item for our future and our business strategy because it opens doors to new markets.