Information security

Protect what counts – with customized solutions for information security at the highest level.

Information security with DS DATA SYSTEMS

Protect what makes your company strong – with our expertise in information security.

Information security standards

  • ISO/IEC 27001
  • BSI IT baseline protection
  • Cyber Essentials+

Industry-specific standards

  • DORA (Digital Operational Resilience Act – Finance)
  • VDA ISA (automotive industry)
  • DFARS / NIST SP 800-171 (US defense supply chain)
  • DEFCON / DEF STAN (UK defense sector)
  • CMMC (Cybersecurity Maturity Model Certification – US defense industry)

Legal requirements

  • IT Security Act
    → incl. KRITIS Regulation
  • NIS2 Implementation Act (EU Directive on Network and Information Security)

Roles & responsibilities

  • Information Security Officer (ISO)
    → Implementation and coordination of information security
    → Required e.g. in ISO/IEC 27001, BSI IT-Grundschutz, NIS2/KRITIS

Methods & Tools

  • CyberRisikoCheck (BSI)
    → Entry-level tool for SMEs to record and assess cyber risks
    → Supports the implementation of basic protection or ISO 27001

Why is information security important?

Information security is a living process that aims to ensure at least the protection goals of confidentiality, availability and integrity of information. We are happy to support you in the development and implementation of your information security management system (ISMS) in accordance with recognized national and international norms, standards and legal requirements and, if you wish, we can accompany you all the way to successful certification.

DS DATA SYSTEMS has been the expert for information security, IT security, data protection, security systems and audits for over 30 years. We work independently of industry, for medium-sized companies through to large international corporations, as well as for federal and state governments.

Information is the basis of our daily actions and the necessary input for our decisions. We live in a time in which more and more companies, institutions and authorities do business online and their business processes are digitalized. At the same time, however, the number of threats to company networks and data is also increasing rapidly.
A data leak can have serious consequences for a company or public authority, both financially and in terms of reputational damage.

Below is a brief overview of the services we offer in this area. We are happy to accompany and support you in sustainably increasing your level of information security!

Information security standards

ISO/IEC 27001

We are experts in international norms and standards and work with you to implement the requirements of ISO/IEC 27001.

Our team of experts, consisting of experienced lead auditors and security consultants, will accompany you all the way to certification and will also be on hand to advise you at any time afterwards.

BSI IT baseline protection

With our certified BSI auditors and security consultants, we have the necessary technical expertise in our team to increase your security level.

We support you in pragmatically implementing the requirements of BSI IT baseline protection and, if desired, in obtaining ISO 27001 certification based on BSI IT baseline protection.

Cyber Essentials+

Cyber Essentials+ offers a comprehensive approach to cyber security that is not limited to the defense sector and can be applied by companies in all industries.

However, Cyber Essentials+ certification alone is not usually sufficient to operate in the UK defense sector. Nevertheless, it can serve as part of a broader security program to improve the overall security of the organization.

Industry-specific standards

DORA – Digital Operational Resilience Act

We help financial companies to implement the requirements of DORA efficiently and practically – from risk analysis and the creation of an information security framework to preparation for regulatory audits. Our approach combines regulatory know-how with technical implementation expertise.

VDA

Suppliers and service providers in the automotive industry must prove to car manufacturers that they have an appropriate level of information security in accordance with the Information Security Assessment (ISA) catalog of requirements if they process sensitive information.

To this end, the ENX Association and the VDA (German Association of the Automotive Industry) have jointly developed the “Trusted Information Security Assessment Exchange” (TISAX®) verification procedure. An assessment can be used to verify the company’s level of maturity with regard to the requirements defined in the VDA ISA at a specific location. The company can receive a so-called ‘label’ for the assessed location if it fulfills the relevant requirements of the VDA ISA.
Do you want to meet the strict requirements of the VDA ISA and receive the label? Then you’ve come to the right place!
We are happy to accompany and support you in achieving the target maturity level and successfully passing the assessment!

DFARS / NIST SP 800-171

DFARS (Defense Federal Acquisition Regulation Supplement) and NIST SP 800-171 (National Institute of Standards and Technology Special Publication 800-171) are two separate but related cybersecurity frameworks that apply to work in the U.S. defense sector.

The two frameworks are closely related, as DFARS mandates and monitors compliance with NIST SP 800-171 for domestic and foreign companies that enter into or perform contracts with the U.S. Department of Defense (DoD). Organizations must therefore implement the security controls and measures of NIST SP 800-171 to meet the requirements of DFARS and demonstrate their ability to securely process and store sensitive information classified as CUI (Controlled Unclassified Information). CUI refers to certain types of sensitive information that the government requires to be controlled and protected, but that is not classified.

We at DS DATA SYSTEMS are experts in international norms and standards and will work with you to implement the requirements of NIST SP 800-171. We will also accompany you on the entire path to compliance and will be on hand to advise you at any time afterwards.

CMMC

The U.S. Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) was developed to enhance cybersecurity in the defense industry and protect sensitive, unclassified information. The certification sets new standards for the protection of sensitive information, ensuring that the U.S. Department of Defense supply chain implements robust and secure measures.

What can you achieve with CMMC?

  • Increased security through protection against threats and data loss
  • Increased trustworthiness towards customers and business partners
  • Meeting the high security requirements for defense contracts

How is your company currently positioned? Find out together with us and let us prepare you and your company for the CMMC security requirements.

DEFCON / DEF STAN

DEFCON 658 and DEF STAN 05-138 are British standards for the security of defense information and facilities.

While DEFCON 658 deals with the classification and marking of information, DEF STAN 05-138 regulates a variety of requirements, including certification to Cyber Essentials+. Certification to this standard is sometimes essential for companies that enter into contracts with the UK Ministry of Defence.

We support you throughout the entire certification process and are also available to advise you after this step has been completed.

Legal requirements

IT Security Act / KRITIS Regulation

Operators of critical infrastructures (KRITIS) are legally obliged by the IT Security Act (IT-SiG) to comply with a minimum level of IT security. We support you in the implementation and introduction of industry-specific security standards so that you meet the legal obligation.

NIS2 Implementation Act

As the digitalization and networking of companies progresses, the requirements for information security are also increasing. NIS2 (Network and Information Security Directive) is an important legal directive of the European Union that aims to strengthen the resilience of critical infrastructures and ensure the security of network and information systems.

Our team of experienced specialists offers you comprehensive advice and support to implement the requirements of the NIS2UmsuCG (NIS2 Implementation Act) effectively and efficiently in your company.
We use our in-house, standardized testing method to analyse your existing security measures and assess them for NIS2 compliance. In this way, we ensure that your company complies with the current legal requirements and is protected in the best possible way.

Roles & responsibilities

Information Security Officer

The position of information security officer is also one of our core competencies. The officer represents the link between management, IT and users. Information security officers are responsible for ensuring that company information is adequately protected at all times and that the desired level of information security is not only achieved but also maintained. The implementation of an information security management system (ISMS) plays a decisive role in this.

Regardless of the perspective from which an ISMS is to be or has been established in your company, our security consultants have the necessary, specialist qualifications to perform the role of external information security officer in your company.

There is also the option of coaching this role in your company in order to support the development of the necessary know-how.

  • Protection of sensitive information
  • Interface between IT, management and users
  • ISMS implementation support
  • Know-how coaching

Methods & Tools

Cyber risk check according to DIN SPEC 27076

A CyberRiskCheck is not a certification, but a standardized IT security procedure of the BSI, which is based on DIN SPEC 27076 and may only be carried out by trained IT service providers or certified consultants. It offers a detailed assessment of the maturity level of your IT security and helps you to identify weaknesses and implement targeted improvements.

At DS DATA SYSTEMS, we offer this service to help SMEs analyze and improve their IT security status cost-effectively.

This allows you to react to possible failures in good time and minimize economic risks and reputational damage.

Secure your free initial consultation now and make an appointment with us!

Solutions start with a conversation