Proven IT security
The information security management system organizes the structure and processes of our company to support us in reaching our goals, based on the application and connection of goal-oriented methods and the establishment of transparent processes.
All company actions have to be carried out so that they meet the quality requirements for products and services, also taking into consideration data protection as well as legal and official aspects. The identification, design, implementation, connection, control and improvement of our business processes are the actual goals of the management system.
The information security management system of netplace Telematik GmbH is ISO/IEC 27001:2013 certified and encompasses all areas necessary for data center operation, internet hosting and IT system administration.
Areas
Affected areas are all organizational and technological processes leading to a permanent improvement of the protection goals, such as the operation and control of supply facilities, the implementation and execution of information security processes and the qualification of staff members.
Internet hosting
Hosting encompasses the supply and operation of IT systems within the netplace data center. Fail-safe operation of the systems hosted in the data center is based on the quality and fail-safety of the technological facilities for power supply, air conditioning, internet connection and authentication.
Administration
Administration consists of the installation, configuration and updating of operating and application systems while taking information security into account.
The central activities revolving around the ISMS are:
- Development of an organization-wide information security management process
- Execution of risk analysis
- Design of a security plan
- Realization of security measures
- Assurance of information security during operation
- Continuous monitoring and improvement of the ISMS
Positive aspects of the last audit in 2016
- The internal audit program was extended with technical audits, planned and conducted on a regular basis, in order to check the implemented controls by means of defined test objects. Technical auditors were put in charge of the areas network systems, server systems and applications. That way the internal auditors were relieved and could concentrate on the frame management audit as well as on checking the correct realization of technical audits by means of random sampling.
- The initial audit of all network systems, server systems and applications (technical audits) was completed this year and will from now on be controlled by the configuration management.
- The incident (reporting) procedure was simplified, supporting the immediate logging of all security-relevant events.
- Detected vulnerabilities are systematically analyzed and eliminated by appropriate measures. Helpful information about this is supplied by the incident process as well as the newly introduced suggestion system.
- The process of risk analysis and treatment has been optimized further, taking recent events from monitoring and incident management into account.
- Emergency plans and tests for every vital system are designed, conducted, analyzed and optimized through improvement measures.
- Regular planning, execution and evaluation of security audits. Realization of measures in case of nonconformities, followed by another test.
- Systematic license management
- Systematic patch management including emergency ad-hoc patching
- State-of-the-art encryption standards are continuously checked
- The network infrastructure, including its comprehensible documentation, change management and audits, is administered and controlled systematically