With the already existing certifications in the area of quality management according to DIN EN ISO 9001 and ISO 14001 Ruhlamat had a very good basis for the implementation of an information security management system.
It's done! The external audit took place on 2 dates (8 May and 15-17 June). We passed the audit without any deviations, neither major nor minor. That makes us very proud!
We would like to thank all employees* for their cooperation and their achievements. Praise also goes to the RUCON Group for their commitment. It was a practical and solution-oriented cooperation. If certification, then please again with the RUCONs.
So why this certification?
We want to significantly increase the information security in our company and be compliant with numerous regulations. For this reason, the introduction of an information security management system was a clear matter for us. An information security management system (ISMS) is the basis for protecting information and data from unauthorized access and modification.
With the introduction of the system, our aim was to identify and analyse possible risks for our company and to make them controllable by means of suitable measures. ISO/IEC 27001 formulates the requirements for such a management system. It will be audited in an external certification procedure after its introduction.
What sense does it make and what goals do we want to achieve with it?
We want to use the ISMS for ourselves and for our customers:
- To make the security and protection of sensitive information (in electronic form, printed on paper, in films or as spoken word) against unauthorized access or modification an integral part of the company processes
- Preventive safeguarding of the protection objectives Ensure confidentiality, availability and integrity of information
- Enable the maintenance of business continuity through continuous improvement of the security level
- Establish an effective risk management process in the company
- Achieve a strong safety awareness of all employees and managers at all levels of the company
- To increase the trust our customers and suppliers place in us
- Being able to officially confirm the information security in practice by means of certification