For companies, dealing with sensitive data is a challenge in many ways. On the one hand, the constant increase in data volumes is a basic prerequisite for efficient work and strategic business management; on the other hand, unmanageable data volumes increasingly harbor risks. Negligence or concrete violations of legal regulations can open the floodgates to data misuse and cause corresponding damage. Government efforts to regulate the handling of data are therefore more than understandable. With the GDPR, the state is fulfilling its responsibility to protect citizens. Furthermore, companies can take additional measures in the area of information security. With its certification according to ISO 27001, projekt0708 is taking an important step toward putting information security on a solid foundation.
"When it comes to information security, we cannot and will not leave anything to chance in the interest of our customers," emphasizes Valentin Listl, Information Security Officer at projekt0708. "With ISO 27001, we document a contemporary maximum level of information security, with which we reliably protect ourselves as well as our customers in equal measure."
Against this backdrop, projekt0708 has been working intensively since June 2021 to put in place all the prerequisites for ISO 27001 certification. The final comprehensive audit took place at the end of March and resulted in the official certification. The scope of the certificate covers the entire product and service portfolio as well as any support processes of projekt0708 GmbH/Ltd.
Considering the high effort involved in the entire process, the certification allows projekt0708 to stand out clearly from its direct competitors. According to data from the online portal Statista, 1,281 companies were validly certified across all industries in 2020. In the field of HR consulting and services, these are principally large, industry-leading companies.
"With ISO certification, we are not only consciously increasing the quality of our project work," Listl explains. "We are also creating a foundation in information security for cooperation with existing and new well-known customers, for whom the topic is decisive in the decision for a suitable project partner."
While the ISO certification is projekt0708's response to the growing demands of the customer market, it will also have a long-term impact on partner companies.
"It goes without saying that we can only guarantee information security comprehensively if our partners involved in customer projects are also able to meet the requirements," Listl says. "In this way, we also hope to motivate them to focus more on the topic of information security in the general interest."
About ISO 27001
Under the official title IT Security Procedures - Information Security Management Systems - Requirements, the ISO/IEC 27001 standard was first published as an international standard in 2005. Its first German version dates from 2014, and the current version dates from June 2017.
The standard sets out specific requirements for security mechanisms and their implementation. Applied to the individual organization, they are intended to design, maintain and continuously improve an information security management system (ISMS) in accordance with those requirements.
The aim of such an ISMS is to guarantee confidentiality and integrity while ensuring the availability of sensitive data. Potential risks must be identified and minimized in advance. Technical and organizational measures must help prevent security breaches and, at the same time, optimize business processes in the long term while increasing productivity.
For this purpose, ISO 27001 contains ten main chapters and 14 catalogs with 114 detailed measures. These extend into areas such as access control, securing offices, rooms and facilities, the security of operating resources, and general operations and communications management. They also regulate the handling of information security incidents and the safeguarding of business operations as part of business continuity management.