Information security in accordance with ISO 27001 and the information management system

SPIRIT/21 GmbH has established an information security management system (ISMS) in accordance with ISO/IEC 27001 and had it audited by an independent certification company.

Our motivations were and are:

  • to improve our services, reduce the frequency of errors, and systematically identify and deal with risks.

Important framework parameters such as the scope, orientation and objectives of the ISMS are defined in this information security guideline.

Our protection goals

  • Confidentiality
    Information is only available to authorized persons or systems.
  • Integrity
    Information can only be modified by authorized persons or systems in an approved manner.
  • Availability
    Systems and the information they contain can be read or retrieved at a defined point in time.

The scope of the ISMS

The scope defines the boundaries of the ISMS and therefore also which information SPIRIT/21 wishes to protect. Taking into account legal, contractual and internal requirements, SPIRIT/21 has defined the scope of its ISMS as follows: the ISMS comprises the processes and activities that are necessary for the provision, performance and control of managed services by the Service Delivery division.

The roles in the ISMS

The following roles have been established as contact persons for information security:

The Chief Information Security Officer is the owner of all ISMS processes and is responsible for the control of ISMS documents and records. He is the contact person for information security for all other roles within and outside the ISMS.

The IT Security Officer is responsible for the technical aspects of the ISMS and its implementation. He advises the CISO on technical issues and the evaluation of technical aspects.

The committees in the ISMS

SPIRIT/21 has installed the following committees and groups to manage the ISMS:

The Scope Steering Committee is made up of the SPIRIT/21 CEO, the business unit managers within the scope and the SPIRIT/21 CISO.
It controls the release of budget and resources and acts as the highest authority in risk management. The steering committee represents the highest escalation level in the ISMS.

The ISMS committee includes the business unit managers within the scope and the SPIRIT/21 CISO. It defines the ISMS objectives, taking into account the input from the steering committee, and is responsible for the assets managed in the ISMS as well as for risk management. The ISMS committee releases guidelines and ISMS-specific documents (scope, etc.).

ISMS working groups are formed to define and manage the implementation of complex measures in the ISMS. They are made up of the CISO and, depending on the measure, other internal and external specialists.

The security measures

ISO/IEC 27001 provides numerous security measures (controls) for identifying IT risks and reducing vulnerabilities in information systems.
In the so-called “Declaration on the applicability of security measures” (the Statement of Applicability required by the standard), SPIRIT/21 has defined which controls of the standard are relevant and applicable, for example those on the topic of “user access management”.

The management commitment

The ISMS steering committee and the ISMS committee hereby declare that the ISMS implementation and its continuous improvement will be supported with appropriate resources in order to meet all the objectives specified in this guideline.