Security at PROMOS – successful monitoring audit and preparation for ISO/EN 27001:2022
Successful monitoring audit: further proof of quality and security
PROMOS prioritises compliance with the highest security standards. The two-day monitoring audit, carried out at the Berlin and Dortmund sites, showed that PROMOS not only fulfils the strict requirements of the ISO standard, but also consistently develops them further. With no deviations found, the audit confirmed a high level of quality in all areas audited. Our guidelines and security measures are audited annually as part of our ISO 27001 certification and we are constantly improving, as Viktoria Sorgalla, Information Security Officer, emphasises: “Our customers can rely on us. The monitoring audit has once again confirmed that we understand all ISO requirements in detail and implement them consistently.”
Part of the Alliance for Cyber Security: a strong network for emergencies
With its recent membership of the Alliance for Cyber Security, PROMOS is strengthening the protection of its customers with an extensive network for emergencies. Regular dialogue on current security issues and potential threats ensures that PROMOS is informed at an early stage and can react quickly. Sorgalla explains the advantages: “This means additional security for our customers, as PROMOS is always informed about potential weak points and can take targeted countermeasures.”
Future-orientated: Conversion to ISO 27001:2022
PROMOS is already preparing for the transition to the ISO 27001:2022 standard, which should be completed by August 2025. The new version of the standard brings with it additional requirements – for example regarding climate protection, cloud services and more comprehensive emergency strategies. By specifically adapting its information security management system (ISMS), PROMOS ensures that customers can continue to rely on the security of their data in the future. Having recently received an EcoVadis Award, PROMOS also demonstrates that the company meets very high standards in the areas of sustainability and climate protection – an aspect that will also be given greater consideration in the new standard in future.
Sorgalla explains: “The ISO 27001:2022 standard is a step into the future. It not only offers protection, but also demands constant adaptation and further development. This not only makes PROMOS more resilient, but also strengthens customer confidence.”
The key elements of the additional requirements from the new version of the ISO 27001 standard include:
- Climate change and environmental factors: The new standard requires companies to consider the impact of climate change on their information security. This means that potential environmental hazards and their impact on IT infrastructures and data must be included in the risk analysis.
- Expansion of the “hazards” concept: The definition of hazards has been made more specific and expanded. Companies must not only be aware of general security threats, but also specifically identify which security vulnerabilities are relevant to their industry and organisation and update these on an ongoing basis.
- Cloud security requirements: The standard sets out detailed requirements for the use of cloud services. This includes the selection and evaluation of secure cloud providers as well as the documentation and planning of access to and exit from cloud services. Backup strategies and contingency plans for cloud data must also be defined.
- Business continuity management (emergency planning): The requirements for business continuity, i.e. keeping the business running in the event of a crisis, have been expanded. Companies must take concrete measures to remain operational and be able to provide their services reliably even in the event of a security incident.
- Data leakage prevention (DLP): The standard stipulates that companies must take measures to prevent the unintentional leakage of confidential information. This includes technical protective measures such as the dual control principle for sharing or sending confidential documents and the prevention of careless data sharing via digital channels.
Together, these innovations form an updated framework that enables companies to adapt security strategies to current threats and technologies and thus further increase their resilience to cyber risks.
With these measures, PROMOS is consolidating the long-term protection of its customers’ data and business processes and creating security for a stable digital future.
Further information
- PROMOS News "Yet another building block for IT security – PROMOS has hacking attacks simulated and tested by a cybersecurity firm"
- PROMOS News "Social engineering – how dangerous is the human factor in cybersecurity?"
- Article "Stable systems and protection against cyber attacks – even more security for PROMOS customers thanks to ISO 27001 certification"