The extension of the DIN EN ISO 9001:2015 and DIN EN ISO 14001:2015 management systems integrated at primion Technology GmbH to include this coveted certificate thus impressively documents the reliability of processes in handling sensitive customer data. Based on the provisions of ISO/IEC 27001, it covers the guarantee and maintenance of confidentiality, integrity and availability of information (CIA).
Data security is guaranteed
The TÜV SÜD auditor carried out the audit at the headquarters in Stetten am kalten Markt; TÜV SÜD Management Service GmbH was subsequently responsible for the veto check, which was successfully completed on 30 September 2019. This makes the IT system house for access control, time recording and security technology the only company in Germany to date with a certified information security management system in the "Time & Security" area.
Competitive advantage and security gain
ISO 27001 encompasses a comprehensive security concept independent of industry and size that reflects the company's self-interest. The implementation of the security concept and the additional certificate for information security that has now been acquired are a clear competitive advantage for primion. They impressively document that the legal requirements are met, that the (IT) risk can be recognized and classified within the company and, above all, that it can be minimized, thus guaranteeing customers and clients a high standard.
The legislator does not require certification according to ISO 27001. Irrespective of this, ISO 27001 facilitates compliance with legal requirements and offers many entrepreneurial advantages. With this certification it can be proven, for example, that the security requirements and the technical and organisational measures in accordance with Art. 28 GDPR (contract processors), Art. 5 GDPR (processing principles), Art. 32 GDPR (security of processing) and § 64 BDSG (data processing security requirements) are fulfilled and complied with.
Information security according to ISO/IEC 27001
- Confidentiality: Protection of information against unauthorized disclosure (Confidentiality)
- Integrity: Protection of information from modification, insertion, deletion, reordering, duplication or replay (Integrity)
- Information availability: Ensuring the accessibility and usability of information for authorized instances (Availability)
- Authenticity: Authenticity of information or identities.
- Attributability: assumption of responsibility, accountability and/or liability for information values (Assets)
- Commitment: Nobody can deny the sending or receiving of information (Proof of Origin, Proof of Delivery).
- Reliability: Ensuring consistent behaviour and delivery of intended results by a person or entity (Consistent Delivery).