{"id":1377,"date":"2026-04-06T09:28:34","date_gmt":"2026-04-06T07:28:34","guid":{"rendered":"https:\/\/www.dicisgroup.com\/what-is-iso-27001-information-security-simply-explained-dicis-ag\/"},"modified":"2026-04-14T14:39:08","modified_gmt":"2026-04-14T12:39:08","slug":"what-is-iso-27001-information-security-simply-explained-dicis-ag","status":"publish","type":"page","link":"https:\/\/www.dicisgroup.com\/en\/what-is-iso-27001-information-security-simply-explained-dicis-ag\/","title":{"rendered":"What is ISO 27001? Information Security Simply Explained | DICIS AG"},"content":{"rendered":"<p><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container has-pattern-background has-mask-background fusion-parallax-none nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-background-position:center top;--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:200px;--awb-padding-bottom:100px;--awb-margin-top:-160px;--awb-background-color:rgba(255,255,255,0);--awb-background-image:linear-gradient(90deg, rgba(15,84,131,0.9) 0%,rgba(16,55,82,0.9) 100%),url(https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/header-background-4.png);;--awb-background-size:cover;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-center fusion-flex-content-wrap\" style=\"max-width:1216.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_2_3 2_3 fusion-flex-column\" 
style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:0%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\" data-scroll-devices=\"small-visibility,medium-visibility,large-visibility\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-custom_color_3);--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;--awb-font-size:52px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"font-family:&quot;Poppins&quot;;font-style:normal;font-weight:700;margin:0;font-size:1em;--fontSize:52;line-height:1.21;\">What is ISO 27001? 
Information Security Simply Explained | DICIS AG<\/h2><\/div><nav class=\"fusion-breadcrumbs fusion-breadcrumbs-1\" style=\"--awb-font-size:16px;--awb-text-hover-color:var(--awb-color5);--awb-text-color:var(--awb-custom_color_2);--awb-breadcrumb-sep:&#039;&gt;&#039;;\" aria-label=\"Breadcrumb\"><ol class=\"awb-breadcrumb-list\"><li class=\"fusion-breadcrumb-item awb-breadcrumb-sep awb-home\" ><a href=\"https:\/\/www.dicisgroup.com\/en\/\" class=\"fusion-breadcrumb-link\"><span >Home<\/span><\/a><\/li><\/ol><\/nav><\/div><\/div><\/div><\/div>\n<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-2 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:40px;--awb-background-color:var(--awb-custom_color_3);--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1216.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-2 fusion-sep-none fusion-title-text fusion-title-size-one\" 
style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:36;line-height:1.47;\"><h1 style=\"text-align: center;\">What is ISO 27001?<\/h1><\/h1><\/div><div class=\"fusion-text fusion-text-1\"><p>ISO 27001 is an international standard for <a href=\"https:\/\/www.dicisgroup.com\/de\/was-ist-ein-informationssicherheitsmanagementsystem\/\">Information Security Management Systems<\/a>, which organizations (companies, associations, clubs, authorities, etc.) use to reliably implement all data protection and information security requirements. It follows the same principles as <a href=\"https:\/\/www.dicisgroup.com\/de\/was-ist-ein-qualitaetsmanagementsystem\/\">Quality Management Systems<\/a> like <a href=\"https:\/\/www.dicisgroup.com\/de\/was-ist-iso-9001-2026\/\">ISO 9001<\/a>, the so-called \u201cHigh Level Structure\u201d of the ISO standard family. <a href=\"https:\/\/www.dicisgroup.com\/de\/iso-managementsysteme-vorteile\/\">Management systems<\/a> according to ISO 27001 are certifiable as part of an <a href=\"https:\/\/www.dicisgroup.com\/de\/was-ist-eine-iso-zertifizierung\/\">ISO certification<\/a>. 
In this article, you will learn about the requirements of ISO 27001.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-3 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1216.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-3 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:28;line-height:1.21;\"><h2 style=\"text-align: left;\">Why does ISO 27001 exist?<\/h2><\/h2><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_3_5 3_5 fusion-flex-column\" 
style=\"--awb-bg-size:cover;--awb-width-large:60%;--awb-margin-top-large:0px;--awb-spacing-right-large:3.2%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:3.2%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-2\"><p>Information security and data protection are among the most important topics for organizations that want and need to professionalize themselves in the context of digitalization and digital transformation. ISO 27001 is based on a simple philosophy: information security and data protection must not be left to chance. There must be clear rules, for example, about:<\/p>\n<ul>\n<li>who is allowed to create new users,<\/li>\n<li>who manages their role permissions,<\/li>\n<li>which specific behavioral guidelines users of IT systems must observe,<\/li>\n<li>at what intervals and with what methods IT security is checked, etc.<\/li>\n<\/ul>\n<p>ISO 27001 follows the PDCA cycle logic familiar from quality management: Plan, Do, Check, Act. 
In German: Planen, Umsetzen, Messen und Verbessern (Plan, Implement, Measure, and Improve).<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-4 fusion_builder_column_2_5 2_5 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:40%;--awb-margin-top-large:0px;--awb-spacing-right-large:4.8%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:4.8%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element \" style=\"--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\"><img decoding=\"async\" width=\"459\" height=\"464\" alt=\"PDCA cycle with the four steps Plan, Do, Check, and Act for continuous process improvement\" title=\"PDCA Cycle Simply Explained \u2013 Plan, Do, Check, Act\" src=\"https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/qualitaetsmanagementsystem-pdca-zyklus.png\" class=\"img-responsive wp-image-1378\" srcset=\"https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/qualitaetsmanagementsystem-pdca-zyklus-200x202.png 200w, https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/qualitaetsmanagementsystem-pdca-zyklus-400x404.png 400w, 
https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/qualitaetsmanagementsystem-pdca-zyklus.png 459w\" sizes=\"(max-width: 1024px) 100vw, (max-width: 640px) 100vw, 459px\" \/><\/span><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-5 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-content-boxes content-boxes columns row fusion-columns-1 fusion-columns-total-4 fusion-content-boxes-1 content-boxes-icon-on-side content-left\" style=\"--awb-title-color:#ff6600;--awb-hover-accent-color:#ff6600;--awb-circle-hover-accent-color:transparent;--awb-item-margin-bottom:40px;\" data-animationOffset=\"top-into-view\"><div style=\"--awb-backgroundcolor:#efefef;--awb-content-padding-left:220px;\" class=\"fusion-column content-box-column content-box-column content-box-column-1 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper-background link-area-link-icon icon-hover-animation-slide\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div aria-hidden=\"true\" class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/PDCA-Zyklus-1-Plan.png\" width=\"200\" height=\"177\" alt=\"\" \/><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" 
style=\"--h2_typography-font-size:26px;--fontSize:26;line-height:1.21;padding-left:220px;\">Plan: Define and establish the Information Security Management System<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p>Roles and authorities, processes and procedure descriptions, the foundations for internal audits and controls \u2013 all of this is defined during the planning of an ISO 27001 management system. In other words: the theoretical basis is created. This clarifies who has to do what, when, and how regarding information security.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:#efefef;--awb-content-padding-left:220px;\" class=\"fusion-column content-box-column content-box-column content-box-column-2 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper-background link-area-link-icon icon-hover-animation-slide\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div aria-hidden=\"true\" class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/PDCA-Zyklus-2-Do.png\" width=\"200\" height=\"177\" alt=\"\" \/><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:26px;--fontSize:26;line-height:1.21;padding-left:220px;\">Execution: Put the theoretical plan into practice<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p>Every plan is only as good as its execution. Implementation in practice therefore plays an important role in management systems like ISO 27001. What measures ensure that the Information Security Management System does not remain a theoretical concept? In fact, this is one of the biggest challenges for organizations. 
An ISO 27001 manual can be quickly downloaded from the internet, and templates for process descriptions and work instructions are also easily found. But now it&#8217;s about reliably putting this into practice.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:#efefef;--awb-content-padding-left:220px;\" class=\"fusion-column content-box-column content-box-column content-box-column-3 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper-background link-area-link-icon icon-hover-animation-slide\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div aria-hidden=\"true\" class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/PDCA-Zyklus-3-Check.png\" width=\"200\" height=\"177\" alt=\"\" \/><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:26px;--fontSize:26;line-height:1.21;padding-left:220px;\">Control and Review: Does the management system fulfill its task?<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p>An ISMS (Information Security Management System) is planned and implemented. But that is not enough. Does the organization achieve its goals with it? Are data and information truly effectively protected? Especially in the field of information security, where cybercriminals try and find new attack vectors into IT systems, checking the management system is one of the most important tasks. 
Internal audits, i.e., checks to see if the system functions reliably, are therefore a crucial component of ISO 27001.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:#efefef;--awb-content-padding-left:220px;\" class=\"fusion-column content-box-column content-box-column content-box-column-4 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper-background link-area-link-icon icon-hover-animation-slide\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div aria-hidden=\"true\" class=\"image\"><img decoding=\"async\" src=\"https:\/\/www.dicisgroup.com\/wp-content\/uploads\/2026\/04\/PDCA-Zyklus-4-Act.png\" width=\"200\" height=\"177\" alt=\"\" \/><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:26px;--fontSize:26;line-height:1.21;padding-left:220px;\">Continuous Improvement and Optimization<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p>ISO 27001 relies on two important principles:<\/p>\n<ol>\n<li>Learn from mistakes. Security flaws that are discovered are immediately rectified. <\/li>\n<li>The system is continuously improved. Suggestions are actively sought to make the Information Security Management System even better and more effective. This can include better technical equipment, more efficient processes, or innovative measures to strengthen information security.  
<\/li>\n<\/ol>\n<\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><div class=\"fusion-separator fusion-full-width-sep\" style=\"align-self: center;margin-left: auto;margin-right: auto;margin-top:-60px;width:100%;\"><\/div><div class=\"fusion-text fusion-text-3\"><p>The PDCA cycle is also known from other management systems such as <a href=\"https:\/\/www.dicisgroup.com\/de\/was-ist-qualitaetsmanagement\/\">quality management<\/a>. The structure of ISO 27001 is also similar to that of ISO 9001. Therefore, <a href=\"https:\/\/www.dicisgroup.com\/de\/iso-managementsysteme-vorteile\/\">management systems<\/a> from the areas of quality, environmental protection, or information security can be very well combined in the form of <a href=\"https:\/\/www.dicisgroup.com\/de\/was-ist-ein-integriertes-managementsystem\/\">integrated management systems<\/a>.  <\/p>\n<p data-start=\"84\" data-end=\"348\">DICIS\u00ae AG offers a modern solution for <a href=\"https:\/\/www.dicisgroup.com\/en\/what-is-iso-27001-certification-explained-simply-dicis-ag\/\">ISO 27001 certification<\/a> that significantly reduces the effort. With the help of an AI assistant, the entire documentation can be created within a few hours \u2013 instead of several weeks as before. 
<\/p>\n<p data-start=\"350\" data-end=\"467\" data-is-last-node=\"\" data-is-only-node=\"\">Companies can test the solution for 30 days free of charge and be guided step-by-step through the certification process.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-6 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-xlarge button-custom fusion-button-default button-1 fusion-button-default-span fusion-button-default-type\" style=\"--button_accent_color:#ffffff;--button_border_color:#ff6600;--button_accent_hover_color:#ffffff;--button_border_hover_color:#ff944d;--button_border_width-top:2px;--button_border_width-right:2px;--button_border_width-bottom:2px;--button_border_width-left:2px;--button-border-radius-top-left:10px;--button-border-radius-top-right:10px;--button-border-radius-bottom-right:10px;--button-border-radius-bottom-left:10px;--button_gradient_top_color:#ff6600;--button_gradient_bottom_color:#ff6600;--button_gradient_top_color_hover:#ff944d;--button_gradient_bottom_color_hover:#ff944d;\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/isocertification.dicis.org\/survey\/?p=ZGZmNTExN2EtNDE0OSMjNDU&amp;action=set_language&amp;language=1\"><i class=\"fa-desktop fas awb-button__icon awb-button__icon--default button-icon-left\" aria-hidden=\"true\"><\/i><span class=\"fusion-button-text awb-button__text 
awb-button__text--default\">START CERTIFICATION NOW<\/span><\/a><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-4 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1216.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-7 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-4 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:28;line-height:1.21;\"><h2>How is ISO 27001 structured?<\/h2><\/h2><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-8 fusion_builder_column_1_1 1_1 fusion-flex-column\" 
style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-4\"><p>ISO 27001 follows the so-called High Level Structure and is similarly structured to ISO 9001 or ISO 14001. The actual requirements are in chapters 4 to 10. Additionally, there is an Annex with 93 controls that you must implement or justify to fully cover information security. <\/p>\n<p data-start=\"375\" data-end=\"660\">The standard is structured so that you can easily proceed step by step. You start by understanding your company, define rules, and ensure that work is done securely in everyday operations. Afterwards, you regularly check if everything is working and improve your system.  <\/p>\n<p data-start=\"662\" data-end=\"755\">The following overview simply shows you what you specifically need to do in each chapter:<\/p>\n<\/div>\n<table style=\"height: 259px;\" width=\"1197\">\n<thead>\n<tr>\n<th style=\"text-align: left;\">Chapter<\/th>\n<th style=\"text-align: left;\">What you specifically need to do in this chapter<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Chapter 4 \u2013 Context<\/strong><\/td>\n<td>Consider: Which data is important? What can happen? 
Where do you apply your security system?<\/td>\n<\/tr>\n<tr>\n<td><strong>Chapter 5 \u2013 Leadership<\/strong><\/td>\n<td>Ensure that the topic is important and everyone knows: data must be protected.<\/td>\n<\/tr>\n<tr>\n<td><strong>Chapter 6 \u2013 Planning<\/strong><\/td>\n<td>Consider: What can go wrong and how do we prevent it?<\/td>\n<\/tr>\n<tr>\n<td><strong>Chapter 7 \u2013 Support<\/strong><\/td>\n<td>Ensure that your employees know what to do and have the right resources.<\/td>\n<\/tr>\n<tr>\n<td><strong>Chapter 8 \u2013 Operation<\/strong><\/td>\n<td>Define how data is handled securely in daily operations.<\/td>\n<\/tr>\n<tr>\n<td><strong>Chapter 9 \u2013 Performance Evaluation<\/strong><\/td>\n<td>Regularly check: Is everything working or are there problems?<\/td>\n<\/tr>\n<tr>\n<td><strong>Chapter 10 \u2013 Improvement<\/strong><\/td>\n<td>If something is not working well, improve it step by step.<\/td>\n<\/tr>\n<tr>\n<td><strong>Annex A \u2013 Controls<\/strong><\/td>\n<td>Implement specific protective measures: rules, training, securing access, and protecting IT.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"fusion-separator fusion-full-width-sep\" style=\"align-self: center;margin-left: auto;margin-right: auto;margin-top:10px;margin-bottom:10px;width:100%;\"><\/div><div class=\"fusion-text fusion-text-5\"><p data-start=\"68\" data-end=\"351\">DICIS\u00ae AG has developed an innovative and particularly simple path to <a href=\"https:\/\/www.dicisgroup.com\/en\/iso-27001-certification-online-fast-easy-dicis\/\">ISO 27001 certification<\/a> \u2013 especially for small businesses. Instead of complex projects and weeks of preparation, you use an AI-powered tool that guides you step-by-step through the implementation. <\/p>\n<p data-start=\"353\" data-end=\"565\">Through targeted questions, the system automatically identifies the relevant requirements and creates the necessary documentation in a short time. 
Certification then takes place efficiently via an online audit. <\/p>\n<p data-start=\"567\" data-end=\"725\" data-is-last-node=\"\" data-is-only-node=\"\">This makes ISO 27001 certification significantly easier and faster. You can start immediately and test the certification tool for 30 days free of charge now. <\/p>\n<\/div><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-xlarge button-custom fusion-button-default button-2 fusion-button-default-span fusion-button-default-type\" style=\"--button_accent_color:#ffffff;--button_border_color:#ff6600;--button_accent_hover_color:#ffffff;--button_border_hover_color:#ff944d;--button_border_width-top:2px;--button_border_width-right:2px;--button_border_width-bottom:2px;--button_border_width-left:2px;--button-border-radius-top-left:10px;--button-border-radius-top-right:10px;--button-border-radius-bottom-right:10px;--button-border-radius-bottom-left:10px;--button_gradient_top_color:#ff6600;--button_gradient_bottom_color:#ff6600;--button_gradient_top_color_hover:#ff944d;--button_gradient_bottom_color_hover:#ff944d;\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/isocertification.dicis.org\/survey\/?p=ZGZmNTExN2EtNDE0OSMjNDU&amp;action=set_language&amp;language=1\"><i class=\"fa-desktop fas awb-button__icon awb-button__icon--default button-icon-left\" aria-hidden=\"true\"><\/i><span class=\"fusion-button-text awb-button__text awb-button__text--default\">START CERTIFICATION NOW<\/span><\/a><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-9 fusion_builder_column_1_1 1_1 fusion-flex-column\" 
style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-5 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1216.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-10 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-5 fusion-sep-none fusion-title-text fusion-title-size-three\" 
style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>What do I need to implement in ISO 27001 Chapter 4.1 (Context of the Organization)? <\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-6\"><p>In Chapter 4.1, ISO 27001 lays the foundation for an Information Security Management System to be implemented at all. Organizations create a list of relevant internal and external issues for this purpose.  <\/p>\n<ul>\n<li>Internal issues: This involves addressing all areas where information security plays a role. For example: securing Wi-Fi, security of production facilities, data and information security in employees&#8217; home offices, etc. <\/li>\n<li>External issues: This considers external influencing factors on information security. Create a list of issues that are relevant to you and your Information Security Management System. For example, new data protection regulations, security updates for your software, reports on cybercriminals&#8217; attack strategies, or innovative security technologies.  <\/li>\n<\/ul>\n<p>ISO 27001 does not specify which internal and external issues you must monitor and analyze. Ultimately, it is a matter of relevance. At its core, however, it is quite simple. 
You need to clarify what potential threats exist, what regulations you must observe, and which areas of your organization are affected.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-11 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-6 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>Which interested parties are relevant for ISO 27001?<\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-7\"><p>When it comes to information security, different groups have different interests.<\/p>\n<ul>\n<li>Owners and investors seek the best possible protection for their invested capital, but also pay attention to the economic viability of a solution.<\/li>\n<li>Employees expect that implemented solutions\n<ol>\n<li>are easy to use and<\/li>\n<li>do not restrict their productivity.<\/li>\n<\/ol>\n<\/li>\n<li>The works council wants to ensure that records of employee activities are processed only for the purpose for which they were collected.<\/li>\n<li>Customers want clarity on how their data is processed and how their information is 
protected.<\/li>\n<\/ul>\n<p>Countless other interested parties could be listed. ISO 27001 requires organizations to actively address these different interests and identify potential areas of tension that exist in information security management.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-12 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-7 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>How do I define the scope (Chapter 4.3) of ISO 27001?<\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-8\"><p>Contrary to a widespread assumption, ISO 27001 does not automatically have to be implemented for an entire organization. It is even conceivable that you implement ISO 27001 only for a few processes, for example, for all processes and activities related to the use of a CRM system (Customer Relationship Management system). 
Therefore, it is necessary to clearly define the scope of ISO 27001.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-6 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1216.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-13 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-padding-top:15px;--awb-padding-right:15px;--awb-padding-left:15px;--awb-overflow:hidden;--awb-bg-color:rgba(255,102,0,0.05);--awb-bg-color-hover:rgba(255,102,0,0.05);--awb-bg-size:cover;--awb-border-color:#ff6600;--awb-border-top:2px;--awb-border-right:2px;--awb-border-bottom:2px;--awb-border-left:2px;--awb-border-style:solid;--awb-border-radius:15px 15px 15px 15px;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-9\"><p><strong>Practical tip!<br \/>\n<\/strong><br \/>\nIf you are dealing with ISO 27001 for the first time: Start with a small sub-area. Initially implement the ISMS requirements only for specific processes, a location, a department, or a team. 
This will help you understand the logic behind ISO 27001 and learn to manage its complexity. Gradually expand ISO 27001 to other areas.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-7 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-bottom:40px;--awb-margin-bottom:-60px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1216.8px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-14 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-8 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>What do I need to do in Chapter 4.4 (The Information Security Management System)?<\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-10\"><p>This chapter is the concretization 
of 4.3. Which processes and procedures does your ISMS cover? Create a list of all relevant processes and procedures for your ISMS. There are classic standard procedures that affect practically every organization: for example,   <\/p>\n<ul>\n<li>creating and deleting internal users,<\/li>\n<li>expanding or restricting access rights,<\/li>\n<li>as well as the procedure for security flaws identified by management.<\/li>\n<\/ul>\n<p>Here, ISO 27001 requires clear processes and procedures. With Innolytics AG&#8217;s digital Information Security Management System, you can meet these requirements quickly and easily.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-15 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-9 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>What does ISO 27001 require from leadership? (Chapter 5.1) <\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-11\"><p>Leaders play a special role within organizations. They are responsible for considering information security in all areas of daily work. 
They are the ones who define information security objectives, develop measures to implement them, and support employees in acquiring the necessary competencies. Chapter 5.1 explicitly lists the requirements for leaders in organizations.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-16 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-10 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>What roles and responsibilities (Chapter 5.2) exist in ISO 27001?<\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-12\"><p>ISO 27001, like all <a href=\"https:\/\/www.innolytics.de\/was-ist-ein-managementsystem\/\" target=\"_blank\" rel=\"noopener\">management systems<\/a>, requires that there are fixed responsibilities and accountabilities for specific tasks. How these are structured in detail is not explicitly prescribed in the standard. However, it is important that roles and responsibilities are specifically named. 
It is therefore not enough to merely generally indicate that, for example, a certain department should think about information security. In an Information Security Management System (ISMS), specific individuals or functions are named.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-17 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-11 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>What competencies do employees need regarding information security? (Chapter 7.3) <\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-13\"><p>Organizations must ensure that the responsible persons have the necessary know-how to fulfill their tasks. At its core, this is a very logical requirement. 
What good is it if organizations set information security goals, develop measures, and appoint responsible persons, but then no one has the necessary expertise to carry this out?<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-18 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-12 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>What does information security assessment mean? (Chapter 8.2: Risk analysis and assessment) <\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-14\"><p>ISO 27001 requires companies to regularly review their own IT infrastructure (which includes not only internal networks and devices connected to the internet, but also employees&#8217; smartphones and even home workplaces in home offices). Everything can become an entry point for cybercriminals and thus represents a security risk.  
<\/p>\n<p>ISO 27001 does not prescribe a specific form of risk analysis. However, there are security criteria listed in the standard. In addition, there are standards such as the <a href=\"https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/IT-Grundschutz\/BSI-Standards\/bsi-standards_node.html\" target=\"_blank\" rel=\"noopener noreferrer\">BSI Standard<\/a> that are compatible with ISO 27001.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-19 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-13 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>What information security audits does ISO 27001 require? (Chapter 9.2) 
<\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-15\"><ul>\n<li>Internal audits are a central requirement of management systems, such as a Quality Management System according to ISO 9001:2015. What is it about?<\/li>\n<li>Audits are internal reviews that must be planned and conducted.<\/li>\n<li>The philosophy behind this is: if something is not regularly and systematically checked, it eventually falls out of focus and is ultimately forgotten.<\/li>\n<\/ul>\n<p>However, precisely this form of negligence ultimately increases <a href=\"https:\/\/de.wikipedia.org\/wiki\/ISO_19011\" target=\"_blank\" rel=\"noopener noreferrer\">attack risks<\/a> and can subsequently lead to damage.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-20 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-14 fusion-sep-none fusion-title-text fusion-title-size-three\" 
style=\"--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:20px;--awb-margin-left-small:0px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:20;--minFontSize:20;line-height:2.2;\"><h2><strong>How do I need to improve information security? (ISO 27001 Chapter 10.1) <\/strong><\/h2><\/h3><\/div><div class=\"fusion-text fusion-text-16\"><p>ISO 27001 \u2013 like all certifiable standards in the ISO family \u2013 is based on the philosophy of \u201clearning from mistakes.\u201d Chapter 10.1 therefore establishes a binding approach to identified weaknesses and security flaws. They are intended to improve the overall system.   <\/p>\n<p>This list is not exhaustive. In practice, it is supplemented by security criteria. However, it provides a good overview of how the management system is structured and what requirements are placed on companies seeking ISO 27001 certification.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"100-width.php","meta":{"footnotes":""},"class_list":["post-1377","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.dicisgroup.com\/en\/wp-json\/wp\/v2\/pages\/1377","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dicisgroup.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.dicisgroup.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.dicisgroup.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dicisgroup.com\/en\/wp-json\/wp\/v2\/comments?post=1377"}],"version-history":[{"count":2,"href":"https:\/\/www.dicisgroup.com\/en\/wp-json\/wp\/v2\/pages\/1377\/revisions"}],"predecessor-version":[{"id":1386,"href":"https:\/\/www
.dicisgroup.com\/en\/wp-json\/wp\/v2\/pages\/1377\/revisions\/1386"}],"wp:attachment":[{"href":"https:\/\/www.dicisgroup.com\/en\/wp-json\/wp\/v2\/media?parent=1377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}