DQS – your management partner

Information Security Management Protecting information – minimizing risks


Post on 29-Mar-2022


DQS – your management partner
DQS is an independent and competent partner for assessments to internationally recognized standards, as well as to individual or internal requirements. The notifications and accreditations DQS holds for all relevant standards stand for international competence and reliability. Many years of experience in their business sectors and a high level of social competence distinguish the highly qualified DQS auditors. During assessment procedures, they provide valuable support for processes that are controlled, quality ready and based on key indicators. Successful assessments and certifications by DQS demonstrate more than conformity with the standard referenced. Our auditors supply information on opportunities and risks, identify improvement potential, and provide impulses for improved performance ability.
Information Security Management
Custom assessments with a practical focus – independent and international
DQS plans and conducts each assessment individually, in order to achieve the maximum benefit for each customer and their individual situation on site. As far as data protection is concerned, particular emphasis is placed on confidentiality, availability, and integrity. The simultaneous assessment of multiple management systems or an integrated management system creates synergies from the joint assessment of duplicate requirements.
Sustainable corporate success through information security
Maintenance of business continuity
Transparency for customers with stringent security requirements
Improved security consciousness within the organization
Improved data and information protection
Improved confidence among interested parties
Reduced risk of liability
Protection of physical security areas
Protecting information – minimizing risks
August-Schanz-Straße 21 60433 Frankfurt am Main Germany Tel. +49 69 95427-0 Fax +49 69 95427-111 [email protected]
Markgrafenstraße 56 10117 Berlin Germany Tel. +49 30 200543-30 Fax +49 30 200543-50
Taubenheimstraße 24 70372 Stuttgart Germany Tel. +49 711 3807319-0 Fax +49 711 3807319-10
Imprint
Print johnen druck, Bernkastel-Kues
DQS is member of:
DQS GmbH Deutsche Gesellschaft zur Zertifizierung von Managementsystemen
Keeping information safe is an essential premise for sustained success in any business area – but how much attention do you pay to it?
Many organizations still vastly underestimate the amount of risk associated with the ever increasing volume of information traffic and storage, whether in printed or electronic format – while both risk and volume increase simultaneously*. Today’s easy means of data transfer and the almost carefree handling by so many users can make you forget that this makes it just as easy for unauthorized users to access your most valuable asset – your company data. Customer profiles, construction plans, financial analyses – in the wrong hands, they can become volatile information. Losing them to third parties can threaten the very existence of an organization.
Information security, by the way, is not a new subject at all. In order to protect information from unauthorized access in the past, people used to develop secret languages, safeguard transports, carefully select trustworthy messengers, and build heavy-duty safes. Today, you don’t need much more than the correct password to enter into the depths of any given company, to conduct transactions under somebody else’s name, or to be given access to facilities, buildings, or networks.
[Figure: Levels 1, 2 and 3 shown across physical areas and logical areas, with examples of organizational boundaries (e.g. employees in controlling, only authorized for levels 1 and 2; e.g. top management) and the World Wide Web.]
Information security and data protection are among the permanent tasks of top management. The PDCA cycle of planning, implementation, correction and action applies here, as well. The advantage is that even these most critical tasks of an organization can be integrated seamlessly into an existing management system.
From analyses to certificates
In order to react correctly, though, you first have to identify the challenge. That is why more and more companies apply a systematic approach that provides both surety of action and legal certainty – and that is well suited for achieving corporate goals. DQS offers innovative assessment concepts that are fine-tuned exactly to each customer’s individual need for security, and their objectives. The spectrum covers anything from a brief online self-evaluation on information security issues, all the way to the comprehensive assessment and certification of an information security management system on the basis of ISO 27001. DQS customers also benefit from the detailed findings of data privacy audits and one-day analyses on selected aspects, such as the security policy.
ISO 27001 – Secure information
International standard for a process-oriented management system for information security (ISMS) with a preventive and comprehensive approach. ISO 27001 systematically addresses the risks associated with information, as well as all processes designed to ensure business continuity.
Data privacy audit – Adherence to legal requirements
This assessment takes into account the legal and customer-specific requirements for data protection. Recommended for all organizations that store and process personal data, whether private or public sector.
DQS Compact – Assessment of selected corporate aspects
Neutral, competent, and independent review of one specific corporate aspect, such as validation of the security policy, legal certainty of the website, analysis of the information processing center’s infrastructure.
Assessments specifically designed for IT service providers
ISO 20000-1 – IT Service Management
International standard for cost effective and reliable IT service management, based on the Best Practices Approach of the IT Infrastructure Library (ITIL®). The assessment to ISO 20000-1 does not have to include all corporate processes within an organization. It can be limited to selected IT service processes and performed in several stages.
IT Service Management Processes according to ITIL® – IT Infrastructure Library
ITIL® is a Best Practice catalogue that contains recommendations instead of requirements. ITIL® therefore provides no framework for certification, but it can be included as basis of an assessment. The questionnaire that goes with it is BIP 0015; DQS applies this as well as the requirements of ISO 20000-1 in their certifications, and issues a statement of conformity.
itSMF Seal of Approval – Benchmark for IT services
Quality model based on an approach oriented on customers and characteristics. itSMF helps to identify those performance characteristics most relevant to customers, as well as the overall satisfaction with the perceived service quality.
*2010 Study on Safety Risks for German SMEs (“Gefahrenbarometer 2010”)
Information security needs organization
Possible protection areas: information security can only be maintained where the different protection areas are superimposed
04/2010