Information security management

In the modern information age, secure and functional information systems are among the most significant contributors to the sustainable economic success of any company. Many processes, and ultimately even the trust of customers and consumers, depend on IT systems meeting the security requirements they are subject to. The market itself, as well as external testers, requires that security be an integral part of all applications. In many cases, it is also necessary to prove to external partners that appropriate security measures have been firmly integrated into information management.

Given the complexity and heterogeneity of modern IT systems and rapidly changing technical environments, a structured and holistic approach to information security is vital to ensure long-lasting protection of all information and information systems within the company.

The proactive approach of a comprehensive information security management system based on ISO 27001 or IT baseline security establishes a long-lasting level of protection in an ever-changing environment, anchors security awareness deeply at all levels of the company, and ensures a systematic reaction to security incidents. The use of national or international standards, such as the IT baseline protection manual of the German Federal Office for Information Security, ISO 27000 ff. (ISO 17799, BS 7799) or COBIT, can also help demonstrate compliance with your own security requirements to external partners.


Our Offer

In addition to the provision of support in the design and establishment of an information security management system (ISMS), SRC also offers selective consultation on individual issues. Our comprehensive service portfolio includes:

  • Workshops introducing security management or covering specific, selected aspects
  • Definition of processes and the development of security policies and guidelines
  • Development of security concepts
  • Definition of risk management systems and risk analyses
  • Selection and implementation of technical and organisational security measures
  • Gap analyses against all established security standards and regulations
  • External security reviews, e.g. in the context of an IT audit
  • Definition and implementation of security awareness measures


Detlef Kraus
Thilo W. Pannen
Wijnand Machielse


Telephone: +49(0)228 2806-0
Telefax: +49(0)228 2806-199