
Support in the implementation of an ISMS and provision of the external information security officer

Our customer from the retail sector was looking for an information security officer for IT and information security-related tasks that arise in day-to-day operations. Until the position can be filled internally as planned, an expert from Softline will take over this function. At the same time, we provided advice and support in setting up a sustainable and more systematic ISMS organisation.

The challenge

  • Approx. 20,000 employees worldwide, 2,400 sites in 24 European countries alone
  • No defined information security management
  • Pressure from the legal department to establish an ISMS
  • Reactive handling of security issues due to lack of expertise
  • Desire for a more systematic and proactive approach

Our solution

  • Interim adoption of the role of Information Security Officer:
    • Consulting on specialist topics and individual requests such as cyber insurance, SIEM and cloud security
    • Representation as an expert in management meetings
    • C-level sparring on the topic of IT & information security
  • Development of an ISMS based on ISO 27001:
    • Determination of the scope
    • Identifying key assets and their protection needs and levels
    • Identification of security gaps
    • Risk assessment: identification of threats and vulnerabilities, their probability of occurrence and potential risks
    • Derivation of a risk treatment plan
    • Definition of concrete measures (indicator-based technical and organizational measures such as process adjustments or redefinitions)
    • Creation of guidelines, documents and awareness measures

The highlights

  • Increase in system and data security
  • Increase in efficiency and process fidelity
  • Awareness of IT and information security
  • More targeted expenditure management/minimization of IT costs
  • Positive impact on company value
  • Additional assumption of operational tasks, structural analysis/pentesting and a special assignment on the subject of phishing emails