Softline AG // Company // References

Data protection and information security analysis according to ISO/ IEC 27001

As a CRITIS company, our customer is subject to special requirements regarding the security of its IT. We were the partner of choice to review the current standards regarding information security and data protection compliance. The analysis provided a dedicated overview and valuable recommendations for action to sustainably optimize IT security and the protection of personal data.

The challenge

  • Special information security requirements as a CRITIS operator
  • Processing of highly sensitive patient and personal data
  • Creating pragmatic approaches to processes due to lack of IT resources and in favor of user-friendliness
  • No central management of the heterogeneous IT landscape

Our solution

  • Preparing question catalogs of ISO Controls 5-18 and the BDSG
  • Conducting interviews and random samples (tools/ walk-throughs, etc.)
  • Documentation of results
  • Management review
  • Creation of a catalog of measures with prioritization to increase the security level and compliance regarding BDSG

The highlights

  • Fast, cost-transparent and target-oriented implementation
  • Extensive experience of the Softline specialists responsible for the project as external information security and data protection officers
  • Concrete action plan for well-founded and sustainable protection of data privacy and information security
  • Conformity to ISO/ IEC 27001
  • Preparation for GDPR
  • Ongoing support for implementation and optimization of TOMs