09/06/2024 - Company news
A focus on information security: ISO/IEC 27001:2013 certification for Projektron
In an increasingly digitized world, information security and data protection are of the utmost importance. The ISO/IEC 27001:2013 certification represents a crucial standard for information security management systems (ISMS). Projektron GmbH has now been certified to this standard for the third time. In the first quarter of 2024, we received certification from TÜV Rheinland, a sign of our commitment in these critical areas.
What is ISO/IEC 27001:2013?
ISO/IEC 27001:2013 is an internationally recognized standard for information security management systems (ISMS). It describes the requirements for implementing, managing and continuously improving security measures to ensure the confidentiality, integrity and availability of information. This standard ensures that companies have a systematic and continuous approach to identifying and combating information security risks.
Projektron: Commitment to information security
Since 2008, Projektron has relied on a comprehensive quality management system based on ISO 9001. This system covers all phases of the value chain – from the product idea to development, testing and documentation, to customer implementation and customer support. In 2017, we expanded our commitment to include an information security management system (ISMS) according to ISO 27001. This decision was a response to the increasing demands on cyber security and data protection, which are particularly pressing in today's world of social media and ransomware. The first certification of the ISO 27001 ISMS took place in 2018, with a recertification in 2021.
New certification 2024
In 2024, we were once again awarded the ISO/IEC 27001:2013 certification by TÜV Rheinland. This certification confirms our ongoing commitment to meeting and exceeding the highest security standards.
Our certificate can be viewed online in the certificate database of TÜV Rheinland.
Secure software development and IT services
Projektron places a high value on the security of our web-based project management solution Projektron BCS. Our page on information security offers detailed insights into our measures for secure software development and IT services.
- Secure software development: Find out how we ensure the confidentiality, integrity and availability of your information through secure development processes.
- Secure hosting: Discover our measures for secure hosting and continuously ensuring system integrity.
- Support portal & web app: Find out about the security and configuration settings that our ticketing system provides for your own helpdesk and our web app.
Information security measures in product development and hosting
Objectives and requirements of ISO/IEC 27001
ISO/IEC 27001:2013 focuses on three main objectives of information security:
- Confidentiality: Ensuring that information is only accessible to authorized persons.
- Integrity: Ensuring that information is complete and correct and is not changed without authorization.
- Availability: Ensuring that information and systems are available when needed.
These objectives are achieved by implementing a comprehensive management system that identifies and assesses risks and develops appropriate risk mitigation measures.
The key components of our ISMS
1. Risk management
A central component of our ISMS is risk management. In this context, we identify potential risks to information security and assess their impact. Based on this assessment, we develop measures to minimize the identified risks. Our emergency management plans are designed to respond quickly to security incidents and limit damage.
2. Training and education
Our employees play a crucial role in ensuring information security. We therefore provide regular training and development to ensure that all employees understand the importance of information security and stay up to date. New employees receive training during their induction, and existing employees regularly attend refresher courses on current topics and risks.
3. System audits and continuous improvement
Annual system audits are an essential part of our ISMS. These audits help us to systematically check our IT services for vulnerabilities. The focus is on risk assessments, access rights and encryption. Through continuous improvement, we integrate security requirements and findings from penetration tests into our processes.
Our path to ISO/IEC 27001:2013 certification
We planned the implementation of an ISMS and the steps towards the first certification as a project in Projektron BCS. A detailed user report has already been published about this. The short version is as follows: In October 2016, we decided to create an information security management system (ISMS) for the development, support, IT services and internal IT administration departments. The introduction of an ISMS was intended to ensure that information security is guaranteed across the entire value chain and at the same time give us a competitive advantage.
Introduction of the ISMS
For the introduction of the ISMS, Projektron GmbH benefited from the trusting cooperation with secuvera GmbH, a certified security service provider, and r-tec Security GmbH, also an experienced partner. Both supported us in introducing and optimizing our ISMS. Certification was carried out by TÜV SÜD AG.
Project description
The project to implement an ISMS was launched in October 2016 and completed in February 2018 with certification according to ISO 27001. Over that year and a half, approximately 150 days of effort and costs of around €100,000 were invested. The project was divided into four phases:
- Consultancy, initial training and design: During a three-day workshop, our employees were trained by secuvera in the requirements of ISO 27001. Subsequently, our ISMS team worked with a secuvera consultant to develop a concept for applying the standard to our company.
- Optimization of the ISMS and integration of processes: With the support of r-tec Security, we improved the existing ISMS concept and integrated the processes and documents into our Projektron BCS project management software. This integration enabled us to quickly and easily document the ISMS processes and identify vulnerabilities.
- Internal audits and preliminary audit: In this phase, the ISMS was tested for suitability and compliance with the standard. During three days of audits, management requirements and their implementation were evaluated. The audit confirmed that the ISMS was already at an advanced stage, but also identified potential for improvement.
- External audit and certification: The final certification was carried out by TÜV SÜD AG in two steps. A one-day pre-audit came first, followed by a stage 1 audit to verify compliance with the standard and a stage 2 audit to evaluate the regulations for employees.
In February 2018, certification was successfully completed. Recertification followed in November 2021. The current recertification by TÜV Rheinland in the first quarter of 2024 reaffirms our commitment to the highest security standards.
Holistic quality and information security management
Find out how we ensure the highest security and quality standards through our integrated management system on our Quality and Security page.
- Certified management system: Our continuous efforts to improve information security and our certified management system
- TISAX® audit procedure: How we meet the high security requirements of the automotive industry through TISAX® audits
- Quality management: How we continuously improve our products and services through systematic customer feedback
- IT administration and support: Our IT administration and support portal are designed to meet the highest security standards. We regularly secure our systems and ensure security when handling customer information.
Quality and information security management at Projektron GmbH
The benefits of ISO/IEC 27001 certification
ISO/IEC 27001 certification brings numerous advantages:
1. Trust and security
ISO/IEC 27001 certification confirms our commitment to the highest security standards and shows our customers and partners that information security is a priority for us. This certification strengthens confidence in our security practices, both our own and that of our customers.
2. Competitive advantage
With ISO/IEC 27001 certification, we have gained an important differentiator from our competitors. It highlights our commitment to information security and gives us a competitive advantage in the market.
3. Compliance
The certification helps us to comply with international regulations such as the GDPR. It reduces our risk profile and lowers costs by minimizing security risks and optimizing our structures.
4. Continuous improvement and outlook
Our ISMS is continuously being developed. Planned expansions include a supplier audit and the introduction of a password management system. These measures are part of our commitment to further improve information security and adapt it to new challenges.
Conclusion: Continue to raise the bar
ISO/IEC 27001:2013 certification is not only proof of our commitment to information security, but also a continuous process of improvement and adaptation to new challenges. Projektron GmbH will continue to do everything in its power to maintain and exceed our security standards.
For more information about our ISO/IEC 27001 certification and our information security measures, please visit our Quality and Security page or contact our experts.