Compliance of the management system confirmed by certification audit
Valid until 31. Oktober 2027
4. Context of the organization
Compliant
Dolpheen IT Solutions GmbH demonstrates a clear understanding of information security risks, legal requirements, and contractual obligations. The scope and structure of the information security management system comply with the requirements of ISO 27001.
|
Chapter 4.1: Dolpheen IT Solutions GmbH takes into account external and internal issues related to information security | Fully available |
|
Chapter 4.2: Requirements and expectations of interested parties are determined | Fully available |
|
Chapter 4.3: Dolpheen IT Solutions GmbH has defined the scope of the information security management system | Fully available |
|
Chapter 4.4: Dolpheen IT Solutions GmbH has implemented its ISMS in accordance with the requirements of the standard | Fully available |
5. Leadership
Compliant
Top management at Dolpheen IT Solutions GmbH is actively committed to information security and makes key decisions to ensure compliance with legal and contractual obligations as well as the continuous improvement of information security performance.
|
Chapter 5.1: Leadership and commitment requirements are met | Fully available |
|
Chapter 5.2: Dolpheen IT Solutions GmbH has defined and communicated an information security policy | Fully available |
|
Chapter 5.3: Roles and responsibilities for information security are defined and practiced | Fully available |
6. Planning
Compliant
Information security risks, security objectives, and the management of changes are defined and documented. In order execution planning and work preparation, Dolpheen IT Solutions GmbH takes these risks and objectives into account. This actively prevents potential security incidents and effectively protects sensitive information.
|
Chapter 6.2: Dolpheen IT Solutions GmbH has defined information security objectives and measures to achieve them | Fully available |
|
Chapter 6.3: Changes are organized in a structured manner | Fully available |
7. Support
Compliant
Dolpheen IT Solutions GmbH ensures that information security-related tasks are supported by well-trained personnel, appropriate technical resources, and clear communication. This helps prevent security incidents, ensures employee competence in handling information security requirements, and reduces misunderstandings in the implementation of security measures.
|
Chapter 7.1: Dolpheen IT Solutions GmbH systematically plans resources for information security management | Fully available |
|
Chapter 7.2: Dolpheen IT Solutions GmbH ensures that the necessary competencies for information security are in place | Fully available |
|
Chapter 7.3: Dolpheen IT Solutions GmbH creates awareness of information security among employees | Fully available |
|
Chapter 7.4: Dolpheen IT Solutions GmbH has clear communication structures regarding information security | Fully available |
|
Chapter 7.5: Dolpheen IT Solutions GmbH has securely documented the key foundations of information security management | Fully available |
8. Operation
Compliant
Dolpheen IT Solutions GmbH consistently implements the requirements of information security management. Employees receive clear instructions for the secure handling of information. The consistent implementation of these guidelines ensures the protection of sensitive data and the early identification of risks through regular information security assessments.
|
Chapter 8.1: Dolpheen IT Solutions GmbH systematically implements the planning of its information security management | Fully available |
|
Chapter 8.2: Dolpheen IT Solutions GmbH conducts regular information security assessments | Fully available |
|
Chapter 8.3: Dolpheen IT Solutions GmbH implements plans for the treatment of information security risks | Fully available |
9. Performance measurement
Compliant
Dolpheen IT Solutions GmbH regularly identifies information security risks, verifies compliance with security-related requirements through internal audits, and evaluates the results within a structured management review. This ensures that data is effectively protected, legal and contractual requirements are met, and information security is continuously improved – to safeguard customers, partners, and sensitive information.
|
Chapter 9.1: Results are systematically reviewed and analyzed | Fully available |
|
Chapter 9.2: Regular internal checks and audits ensure consistent quality | Fully available |
|
Chapter 9.3: Dolpheen IT Solutions GmbH conducts regular management reviews | Fully available |
10. Improvement
Compliant
Dolpheen IT Solutions GmbH embraces the principle of continuous improvement in information security management by consistently reviewing and purposefully enhancing security-relevant processes. This ensures that customers can rely on the consistent protection of sensitive data and steadily increasing security standards.
|
Chapter 10.1: Dolpheen IT Solutions GmbH ensures continual improvement and further development | Fully available |
|
Chapter 10.2: Dolpheen IT Solutions GmbH meets the requirements for the treatment of nonconformities | Fully available |
Annex A, 5
Compliant
Dolpheen IT Solutions GmbH has implemented comprehensive organizational measures to embed information security within the organization. These include, among others, the introduction and regular review of an information security policy, the clear definition of responsibilities, the implementation of access control procedures, as well as the classification and labeling of information. Furthermore, inventories for information and related assets are maintained, contacts with relevant authorities and stakeholder groups are upheld, and measures for information security in supplier relationships are implemented.
Annex A, 6
Compliant
Dolpheen IT Solutions GmbH has implemented extensive personnel-related measures to ensure information security. These include security screenings for new employees, the definition of responsibilities in employment contracts, as well as regular training and awareness programs on information security. Furthermore, formalized procedures such as a disciplinary process, clear responsibilities when terminating or changing employment relationships, and binding confidentiality agreements are in place. In addition, rules for secure remote work have been established and a reporting procedure for information security incidents has been introduced.
Annex A, 7
Compliant
Dolpheen IT Solutions GmbH has implemented comprehensive physical measures to protect information and related assets. These include, among others, secured security perimeters and access controls, the physical monitoring of premises, as well as protective measures against physical and environmental threats. In addition, rules have been established for a tidy working environment, the safe operation and placement of equipment, the protection of assets outside the premises, and the secure management of storage media. Maintenance, cabling, and the secure disposal of equipment and assets are also regulated.
Teilen auf X
