Compliance of the management system confirmed by certification audit
Valid until 31. Januar 2028
4. Context of the organization
Compliant
ProSec GmbH demonstrates a clear understanding of information security risks, legal requirements, and contractual obligations. The scope and structure of the information security management system comply with the requirements of ISO 27001.
|
Chapter 4.1: ProSec GmbH takes into account external and internal issues related to information security | Fully available |
|
Chapter 4.2: Requirements and expectations of interested parties are determined | Fully available |
|
Chapter 4.3: ProSec GmbH has defined the scope of the information security management system | Fully available |
|
Chapter 4.4: ProSec GmbH has implemented its ISMS in accordance with the requirements of the standard | Fully available |
5. Leadership
Compliant
Top management at ProSec GmbH is actively committed to information security and makes key decisions to ensure compliance with legal and contractual obligations as well as the continuous improvement of information security performance.
|
Chapter 5.1: Leadership and commitment requirements are met | Fully available |
|
Chapter 5.2: ProSec GmbH has defined and communicated an information security policy | Fully available |
|
Chapter 5.3: Roles and responsibilities for information security are defined and practiced | Fully available |
6. Planning
Compliant
Information security risks, security objectives, and the management of changes are defined and documented. In order execution planning and work preparation, ProSec GmbH takes these risks and objectives into account. This actively prevents potential security incidents and effectively protects sensitive information.
|
Chapter 6.2: ProSec GmbH has defined information security objectives and measures to achieve them | Fully available |
|
Chapter 6.3: Changes are organized in a structured manner | Fully available |
7. Support
Compliant
ProSec GmbH ensures that information security-related tasks are supported by well-trained personnel, appropriate technical resources, and clear communication. This helps prevent security incidents, ensures employee competence in handling information security requirements, and reduces misunderstandings in the implementation of security measures.
|
Chapter 7.1: ProSec GmbH systematically plans resources for information security management | Fully available |
|
Chapter 7.2: ProSec GmbH ensures that the necessary competencies for information security are in place | Fully available |
|
Chapter 7.3: ProSec GmbH creates awareness of information security among employees | Fully available |
|
Chapter 7.4: ProSec GmbH has clear communication structures regarding information security | Fully available |
|
Chapter 7.5: ProSec GmbH has securely documented the key foundations of information security management | Fully available |
8. Operation
Compliant
ProSec GmbH consistently implements the requirements of information security management. Employees receive clear instructions for the secure handling of information. The consistent implementation of these guidelines ensures the protection of sensitive data and the early identification of risks through regular information security assessments.
|
Chapter 8.1: ProSec GmbH systematically implements the planning of its information security management | Fully available |
|
Chapter 8.2: ProSec GmbH conducts regular information security assessments | Fully available |
|
Chapter 8.3: ProSec GmbH implements plans for the treatment of information security risks | Fully available |
9. Performance measurement
Compliant
ProSec GmbH regularly identifies information security risks, verifies compliance with security-related requirements through internal audits, and evaluates the results within a structured management review. This ensures that data is effectively protected, legal and contractual requirements are met, and information security is continuously improved – to safeguard customers, partners, and sensitive information.
|
Chapter 9.1: Results are systematically reviewed and analyzed | Fully available |
|
Chapter 9.2: Regular internal checks and audits ensure consistent quality | Fully available |
|
Chapter 9.3: ProSec GmbH conducts regular management reviews | Fully available |
10. Improvement
Compliant
ProSec GmbH embraces the principle of continuous improvement in information security management by consistently reviewing and purposefully enhancing security-relevant processes. This ensures that customers can rely on the consistent protection of sensitive data and steadily increasing security standards.
|
Chapter 10.1: ProSec GmbH ensures continual improvement and further development | Fully available |
|
Chapter 10.2: ProSec GmbH meets the requirements for the treatment of nonconformities | Fully available |
Annex A, 5
Compliant
ProSec GmbH has implemented comprehensive organizational measures to embed information security within the organization. These include, among others, the introduction and regular review of an information security policy, the clear definition of responsibilities, the implementation of access control procedures, as well as the classification and labeling of information. Furthermore, inventories for information and related assets are maintained, contacts with relevant authorities and stakeholder groups are upheld, and measures for information security in supplier relationships are implemented.
Annex A, 6
Compliant
ProSec GmbH has implemented extensive personnel-related measures to ensure information security. These include security screenings for new employees, the definition of responsibilities in employment contracts, as well as regular training and awareness programs on information security. Furthermore, formalized procedures such as a disciplinary process, clear responsibilities when terminating or changing employment relationships, and binding confidentiality agreements are in place. In addition, rules for secure remote work have been established and a reporting procedure for information security incidents has been introduced.
Annex A, 7
Compliant
ProSec GmbH has implemented comprehensive physical measures to protect information and related assets. These include, among others, secured security perimeters and access controls, the physical monitoring of premises, as well as protective measures against physical and environmental threats. In addition, rules have been established for a tidy working environment, the safe operation and placement of equipment, the protection of assets outside the premises, and the secure management of storage media. Maintenance, cabling, and the secure disposal of equipment and assets are also regulated.
Teilen auf X
