TÜV AUSTRIA Deutschland GmbH spent four days testing the information security management system (ISMS) of SoftProject GmbH. Following the audit, the certification body officially certified the compliant application in all areas examined. This includes the in-house hosting service, the operation of the data center, the security of information and the operation of customer systems.

“Data quality and security are our top priority,” says Daniel Eichhorn, Head of Quality Assurance at SoftProject. “Our customers, suppliers, authorities, trade associations and our employees rely on our services. The certification offers us the opportunity to make our own quality requirements visible and to communicate to the outside world.” Further certifications in different divisions are already planned.

Information Security Measures Work Both Externally and Internally

For internal processes, certification also means a quality gain: The behavior in security incidents is now documented and centrally accessible to all employees, the procedure for hiring new employees as well as for an internal job changes or a company exit have been redefined. An internally appointed information security officer is responsible and reviewing the required information security objectives, performs risk analyses and controls security requirements.

Sustainable Security through Continuous Controls

In ISO/IEC 27001:2013, the International Organization for Standardization (ISO) describes how companies avoid IT risks and ensure holistic data protection and information security by using their ISMS (Information Security Management System) set up, implement, maintain and continuously improve in accordance with the guidelines drawn up by experts. In this context, SoftProject GmbH undertakes to the independent certification body to be monitored regularly and continuously.