Do you need an information security officer (Informationssicherheitsbeauftragter/ISB) who holds the reins of your information and IT security and is always familiar with the latest regulations, laws and developments? But you have neither the necessary internal capacities nor sufficient know-how to provide your own information security officer?
Individual and professional – our ISB service
We can help you here with comprehensive services. Our security experts routinely support you on a strategic, tactical and operational level, and guarantee your compliance in information security. Whether temporary or long-term – we offer you an individual ISB service, precisely tailored to your actual needs.
Certified security expertise and many years of experience
Our ISBs have professional expertise and are certified accordingly:
- ISO 27001 personnel certified
- Certified experts for data protection according to the EU GDPR (DSGVO)
- ISO 19011 (auditor in management systems)
What does an information security officer do?
The requirements for an ISB are very high. He or she covers the security of the entire company at all levels and acts as a link between IT, security and operations. This also includes supply chains and subsidiaries. The ISB reports directly to senior management, ideally above and beyond the Chief Information Officer (CIO).
Areas of responsibility of an ISB
- Security architecture
- Cyber risk identification and prevention
- Authorization, authentication and access management
- Further development of the information security management system (ISMS)
- Information security incident handling and governance
Tasks of an ISB
- Maintaining your ISMS in accordance with ISO 27001 and TISAX® requirements
- Carrying out risk analyses
- Formulating appropriate security measures and defining IT and security policies
- Implementation of business continuity and disaster recovery measures
- Implementation of measures to raise employee awareness
- Implementation of ‘Security by Design’ principles
- Process and technology audits for regular monitoring of information security
- Business impact analyses
- Creation and maintenance of necessary documentation
To map all this in a single person usually presents companies with time-consuming and cost-intensive challenges. In addition, not every company has the necessary expertise from the various areas.
ISB Service – we provide you with an information security officer
The information security officer provided as part of our ISB Service heads a team of broad-based experts who support him in all areas. This means that you not only benefit from the many years of experience and excellent expertise of our security specialists, you also save time and money.
It all comes down to personality
Our ISBs understand security-related tasks in their function as a link between management, IT departments and users. As strong communicators and skilled speakers, they routinely support your IT and information security staff in briefing and training employees and users, as well as in all necessary assessments.
Our information security officers are…
- Trustworthy: as person-certified security experts, they practice professional discretion, providing a hands-on role model for your employees.
- Strong communicators: they regularly give training and workshops to company management and employees. Whether talking to the CEO or the non-specialist warehouse worker, they always find the right words and get the message across.
- Professional and competent: They look back on years of experience in the security sector and can also draw on broad expertise within Sulzer GmbH.
- Always up to date: Recertifications and advanced training courses are mandatory for them. This ensures that our clients always receive up-to-date and compliant advice.
Do you need an ISB?
Unlike the data protection officer, whom companies are required by law to appoint, an ISB is mandatory only for operators of critical infrastructures, such as energy suppliers.
But: In the various regulations and legal requirements for operational IT and information security, such as the Corporate Sector Supervision and Transparency Act (KonTraG) or the German Stock Corporation Act (AktG), the managing director is assigned direct responsibility up to and including personal liability.
Reduction of the risk of damage and compliance with the information security level
In some circumstances, an ISB not only reduces the personal risk of damage, but also relieves management of the burden of establishing and maintaining the required level of information security. Of course, this is especially true if you are seeking or already have the TISAX® label, because our information security officers are experts in implementing and maintaining an ISMS in accordance with ISO 27001 – and that, in turn, is one of the requirements for the TISAX® label.
We are your partner
Sulzer GmbH is ISO 27001 and ISO 9001 certified and holds the TISAX® label. For more than 40 years, we have been active worldwide as a full-service provider of process and IT consulting in the automotive industry. Our long-standing and trustworthy partners can rely on our expertise.
TISAX® is a registered trademark of the ENX Association.