On the 22nd of November 2021 Lupus Consulting has successfully passed the ISO/IEC 27001:2013 Information Security audit. The certification of independent auditors confirms that Lupus Consulting has implemented a holistic Information Security Management System (ISMS) and fulfills the high standards in terms of security processes, data processing, data privacy and data security.
What are the requirements for the certification?
Implementation of an ISMS is the key prerequisite to receive the ISO certification. The implementation process itself was divided into different steps: Starting with an as-is analysis we re-visited the existing measures, defined safety objectives and agreed on a methodology on how to implement them. The usage of an asset register further supports the identification of threats with regards to IT-Systems and also employees. Based on the agreed methodology the risk prevention in form of a Risk Treatment Plan was created, which will be followed and shared across the company.
How did Lupus Consulting implement the requirements?
During the implementation phase Lupus Consulting reviewed the entire IT infrastructure, Infosecurity related processes, data assets and regulations. In addition a risk analysis aiming at potential threats for the company got conducted. Responsibilities with defined roles and their corresponding measures ensure that risks are either eliminated or significantly reduced.
The new Lupus Consulting ISMS is now based on the standard of ISO/IEC 27002:2013 Information technology security techniques and codes of practice for information security controls. The practices established also fulfill all additional security requirements of our valued customers.
Which measures have been implemented?
Lupus Consulting strengthened its IT infrastructure (network, servers, laptops), updated the processes and regulations with special emphasis on customer-related data management and trained its staff towards information security awareness. In addition, Lupus Consulting protects the assets and information with backup and archiving procedures. The servers are for instance secured in the private cloud environment and follow strict policies.
The measures are implemented across the entire organisation with trainings, documentations and guidelines for all employees as well as for subcontractors. The ISMS is a living framework and Lupus Consulting will continuously update and fine-tune the measures implemented so far.