04/23/2025 - Company News

TÜV-certified according to ISO/IEC 27001:2022: Projektron stands for information security at the highest level

In times of increasing cyber threats, growing legal requirements, and rising awareness of data protection, IT security is becoming a decisive factor in the selection of software solutions. Projektron GmbH meets this requirement with a comprehensive information security management system (ISMS) that was recertified by TÜV Rheinland in 2025 in accordance with the current ISO/IEC 27001:2022 standard.

What does ISO/IEC 27001:2022 mean?

The international standard ISO/IEC 27001 specifies requirements for the introduction, implementation, maintenance, and ongoing improvement of a documented information security management system. The aim is to protect confidential information, ensure data integrity, and guarantee the availability of IT systems.

The revised 2022 version further tightens the requirements for the risk-based approach and the structuring of security measures. For companies such as Projektron, this means an even stronger focus on systematic analysis, control, and continuous optimization of their own security processes.

Projektron: Commitment to information security

Since 2008, Projektron has relied on a comprehensive quality management system based on ISO 9001. This system covers all phases of the value chain – from the product idea to development, testing, and documentation to commissioning at the customer's site and customer support. In 2017, we expanded our commitment to include an information security management system (ISMS) in accordance with ISO 27001. This decision was a response to the increasing demands on cyber security and data protection, which are particularly pressing in today's world of social media and ransomware. The first certification of the ISMS according to ISO 27001 took place in 2018 and recertification in 2021 by TÜV Süd. Further recertification according to ISO 27001:2013 took place in 2024 by TÜV Rheinland, which also carried out certification according to ISO/IEC 27001:2022 in the first quarter of 2025.

Why we are certified – and how our customers benefit

Our customers work with sensitive data – project plans, budgets, strategic information. That's why it goes without saying that security is not just a promise for us, but something that can be proven. Certification according to ISO/IEC 27001:2022 confirms:

  • A comprehensive security concept: from software development to hosting to IT support
  • Systematically defined processes based on risk analyses
  • Technical and organizational measures that ensure the protection of information
  • Regular audits and continuous improvements, documented and reviewed by external auditors

New certification in 2025

In 2025, we were awarded ISO/IEC 27001:2022 certification by TÜV Rheinland. This award confirms our ongoing commitment to meeting and exceeding the highest security standards.

Our certificate can be viewed online in the TÜV Rheinland certificate database.

Secure software development and IT services

Projektron attaches great importance to the security of our web-based project management solution Projektron BCS. Our information security page provides detailed insights into our measures for secure software development and IT services.

  1. Secure software development: Learn how we ensure the confidentiality, integrity, and availability of your information through secure development processes.
  2. Secure hosting: Discover our measures for secure hosting and continuous system integrity assurance.
  3. Support portal & web app: Learn about the security and configuration settings that make our ticket system for your own help desk and our web app more secure.

 

Information security measures in product development and hosting

Integrated security – from the start

At Projektron, security begins in development. Our software architecture is designed for security, our development teams work according to secure coding guidelines, and all applications are updated regularly. In addition, we operate our hosting in certified data centers in Germany – GDPR-compliant and state of the art.

Our support portal, internal training, access controls, and the careful handling of customer inquiries are also part of our ISMS. Information security does not end with the source code – it is part of our corporate culture.

1. Risk management

Risk management is a central component of our ISMS. We identify potential risks to information security and assess their impact. Based on this assessment, we develop measures to minimize the identified risks. Our emergency management plans are designed to respond quickly to security incidents and limit damage.

2. Training and continuing education

Our employees play an essential role in ensuring information security. We therefore conduct regular training and continuing education to ensure that all employees understand the importance of information security and remain up to date. New employees are trained during their induction, and existing employees receive regular refresher courses on current topics and risks.

3. System audits and continuous improvement

Annual system audits are an essential part of our ISMS. These audits help us to systematically check our IT services for security vulnerabilities. The focus is on risk assessments, access rights, and encryption. Through continuous improvement, we integrate security requirements and findings from penetration tests into our processes.

Our path to ISO/IEC 27001:2022 certification

We planned the implementation of an ISMS and the steps toward initial certification as a project in Projektron BCS. A detailed success story has already been published. The short version is as follows: In October 2016, we decided to create an information security management system (ISMS) for the areas of development, support, IT services, and internal IT administration. The introduction of an ISMS was intended to ensure information security across the entire value chain while giving us a competitive advantage.

The introduction of the ISMS

For the introduction of the ISMS, Projektron GmbH benefited from the trusting cooperation with secuvera GmbH, a certified security service provider, and r-tec Security GmbH, also an experienced partner. Both supported us in the introduction and optimization of our ISMS. Certification was carried out by TÜV SÜD AG.

Project

The project to introduce an ISMS was launched in October 2016 and completed in February 2018 with ISO 27001 certification. Over the course of a year and a half, approximately 150 days of work and costs of around €100,000 were invested. The project was divided into four phases:

  1. Consulting, initial training, and design: During a three-day workshop, our employees were trained by secuvera in the requirements of ISO 27001. Our ISMS team then worked with a secuvera consultant to develop a concept for applying the standard to our company.
     
  2. Optimization of the ISMS and integration of processes: With the support of r-tec Security, we improved the existing ISMS concept and integrated the processes and documents into our Projektron BCS project management software. This integration enabled us to quickly and easily document the ISMS processes and identify weaknesses.
     
  3. Internal audits and preliminary review: In this phase, the ISMS was tested for suitability and compliance with standards. Management requirements and their implementation were evaluated over three audit days. The audit confirmed that the ISMS was already at an advanced stage, but also identified potential for improvement.
     
  4. External audit and certification: The final certification was carried out by TÜV SÜD AG in two steps. First, a one-day preliminary audit was conducted, followed by a Stage 1 audit to verify compliance with the standard and a Stage 2 audit to evaluate the regulations for employees.

Certification was successfully completed in February 2018. Recertification followed in November 2021. The current recertification by TÜV Rheinland in the first quarter of 2025 reaffirms our commitment to the highest security standards.

Comprehensive quality and information security management

Find out on our Quality and Security page how we ensure the highest security and quality standards through our integrated management system.

  1. Certified management system: Our continuous efforts to improve information security and our certified management system
  2. TISAX® audit procedure: How we meet the high security requirements of the automotive industry through TISAX® audits
  3. Quality management: How we continuously improve our products and services through systematic customer feedback
  4. IT administration and support: Our IT administration and support portal are designed to meet the highest security standards. We regularly back up our systems and ensure the security of customer information.
     

Quality and information security management at Projektron GmbH

The benefits of ISO/IEC 27001 certification

ISO/IEC 27001 certification brings numerous benefits:

1. Trust and security

ISO/IEC 27001 certification confirms our commitment to the highest security standards and shows our customers and partners that information security is a priority for us. This certification strengthens our confidence in our security practices and those of our customers.

2. Competitive advantage

ISO/IEC 27001 certification gives us an important differentiator from our competitors. It underscores our commitment to information security and gives us a competitive advantage in the marketplace.

3. Regulatory compliance

The certification helps us comply with international regulations such as the GDPR. It reduces our risk profile and lowers costs by minimizing security risks and optimizing our structures.

4. Continuous improvement and outlook

Our ISMS is continuously being developed. Planned enhancements include a supplier audit and the introduction of a password management system. These measures are part of our commitment to further improve information security and adapt it to new challenges.

Conclusion: Further raising standards

ISO/IEC 27001:2022 certification is not only proof of our commitment to information security, but also a continuous process of improvement and adaptation to new challenges. Projektron GmbH will continue to do everything in its power to maintain and exceed our security standards.

For more information about our ISO/IEC 27001 certification and our information security measures, please visit our Quality and Security page or contact our experts.

Projektron has been certified by TÜV Rheinland in accordance with ISO/IEC 27001:2022 – a sign of verified information security.
