Constantly growing security requirements
"The security risks have risen disproportionately in recent years," states Thomas Galley, Chief Information Security Officer at Pironet NDH. "As a provider of Cloud Computing solutions for our medium-sized business customers we therefore cannot rest on our laurels, but must constantly reconsider the requirements for our information security." The auditors therefore also checked how Pironet NDH responds to new security scenarios and how it will proactively confront future threats.
In addition to the annual external audit, Pironet NDH also uses internal audits to make sure, for example, that the employees act according to the security regulations in their daily work. "The best ISMS is worth nothing if the regulations are not put into practice in the company on a daily basis," adds Mr Galley. These include, for instance, provisions regarding access and admission control, risk management and handling mobile hardware.
IT protection is a hurdle for many medium-sized companies
"The effort we put into ISO certification is considerable, but it's worthwhile," says Felix Höger, Chief Executive Officer of Pironet NDH. "Our customers, and we ourselves, thus have the certainty that all the security measures connected with all aspects of our German Business Cloud comply with the highest standards in the IT industry."
Whereas up to a few years ago companies frequently had security concerns when outsourcing their IT, today they would prefer a secure, certified Cloud 'Made in Germany' to an IT environment they manage themselves, because information security is a big hurdle for non-specialist medium-sized companies to cope with. "Our customers also look very carefully at how our ISMS is structured and in some cases also especially commission auditors to check it," explains Mr Galley.
ISO/IEC 27001 - a standard for information security
The international standard ISO/IEC 27001 specifies the requirements for implementing and maintaining an Information Security Management System, irrespective of the industry and company size. In view of the IT-based risks which exist today, this standard is an important resource for complying with and constantly enhancing information security. The customers of PERSICON cert, which has now once again confirmed Pironet NDH's compliance with the requirements of ISO/IEC 27001, include numerous DAX30 companies and a few regional and federal ministries.