After intensive preparation and a rigorous audit process, it's official: We don't take shortcuts when it comes to security. Independent experts have certified our systems, technologies, and processes according to ISO/IEC 27001:2022, confirming that we deliver security at top international standards.
As our auditor noted:
"I'm impressed – such well-thought-out and clearly structured processes are truly rare."
This verdict speaks volumes: Nothing was left to chance.
Thanks to tireless dedication, a strategic approach, and strong collaboration, we've not only met but exceeded our goals. It's an achievement that demonstrates what we can accomplish together – and we're proud of it!
Our Journey to ISO/IEC 27001:2022
Instead of opting for a regular surveillance audit, we decided to pursue an upgrade certification. We took a bold step forward: Rather than gradually moving from ISO/IEC 27001:2013 through the ISO/IEC 27001:2017 version, we jumped directly to the latest ISO/IEC 27001:2022 standard.
The differences between the 2013 and 2017 versions were minimal and would have had little impact on our security practices. Therefore, we chose to invest our resources in implementing the comprehensive innovations of the 2022 version, which represents a significant advancement in the security landscape.
What is new?
ISO/IEC 27001:2022 updates numerous controls and introduces new requirements, with a particular focus on cyberattacks, cloud security, and data protection.
In cybersecurity, the emphasis is on threat intelligence mechanisms to identify and assess risks early. This involves collecting and analyzing information about potential threats and translating it into concrete protective measures before those threats become real dangers. Security event monitoring complements this approach by providing continuous surveillance of all IT system activities, enabling real-time detection and response to unusual events or suspicious access attempts.
To prevent security gaps from emerging, improved configuration management ensures IT systems and applications are securely set up and regularly verified. This prevents misconfigurations, which are often the gateway for cyberattacks. Secure software development also plays a crucial role: structured processes and regular code reviews identify vulnerabilities during the development phase, before they can be exploited.
Additionally, physical security monitoring strengthens protection by monitoring infrastructure like server rooms and data centers to prevent unauthorized access. Web filtering completes the security framework by specifically blocking access to harmful or unwanted websites. This creates a comprehensive security network that reliably covers both digital and physical risks.
Special attention is paid to data protection, which is defined more clearly and practically in ISO/IEC 27001:2022. Requirements for secure data deletion ensure information is reliably and irreversibly removed, while data masking protects sensitive content through obfuscation or anonymization. This is complemented by Data Loss Prevention (DLP), which specifically detects and prevents unwanted data leakage.
Conclusion
These new measures aren't just a response to current challenges – they're a crucial step toward a more secure digital world. By identifying risks early, consistently closing vulnerabilities, and adapting security processes to modern challenges, we create a reliable foundation for sustainable data protection and IT security. Especially now, when cyberattacks are becoming more frequent and sophisticated, and cloud computing is the norm, clear structures and proactive action are essential. Intrexx stands behind these new security measures and provides you with the necessary foundation to make your IT sustainable and future-proof.