Upgrade from ISO 27001:2013 to version 2022

We are pleased to announce that Nexpert has successfully migrated from ISO/IEC 27001:2013 to the revised standard ISO/IEC 27001:2022. The revised standard incorporates necessary adjustments on various topics. The main ones are:

  • Threat Intelligence & Vulnerability Management
    The updated standard places a stronger focus on proactively dealing with threats and vulnerabilities. On the one hand, information about current and potential threats should be systematically collected and analyzed. On the other hand, this includes the identification, assessment and elimination of vulnerabilities in IT systems. The aim is to close security gaps before they can be exploited by attackers.
  • Dealing with cloud services
    The standard now requires certified companies to handle cloud services in a specified manner. The acquisition and use of cloud services, as well as the exit from them, must be defined, and appropriate risk management must be integrated.
  • Configuration management
    Configurations of hardware and software, services and networks should be comprehensively defined, documented and monitored.

Privacy

The topic of data protection has been increasingly woven into the standard. For example, newly documented processes are now required that cover the essential requirements of data protection (e.g. deletion of information, prevention of data leaks). This is a very sensible step, as the topics of information security and data protection overlap.

How does this benefit you as a customer?

The Nexpert team has a comprehensive understanding of information security and data protection. Our employees are trained to practice information security at the highest level. As a trusted advisor, we can therefore advise our clients and plan, implement and maintain suitable IT solutions that are appropriate to their risk exposure.
