Bouygues E&S Prozessautomation requested an audit in line with ISO standard 27001 in order to undergo an independent test of the way data and information are handled in the company. The standard sets out the ‘requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.’ Successful certification provides customers and partners with important proof that a company maintains a high security standard when handling data.
But first, the organisation needed to prepare for the certification, and project teams had to be formed to focus on relevant areas of action. The organisational and technical measures to be implemented had been defined at an earlier stage, based on a security analysis. These concerned, for example, on-site access restrictions, technical extensions to the network and the development of guidelines and work instructions for employees.
The project team produced the required documentation of the information security management system using a new software tool set up in the style of a simple company wiki and containing, among other things, workflows for tracking specific tasks. The implementation of, and compliance with, all measures of the ISO standard can therefore be clearly seen and tracked.