
Security Management
Organizational and legal IT-Security
Our GRC competence area bundles all activities in the field of IT-security-oriented Governance, Risk & Compliance (IT-GRC). Our specialists and lawyers support you in designing and creating guidelines. We also assist you in implementing, optimizing and operating IT risk management and, where necessary, in complying with existing internal and external standards.
To achieve this, we focus on the technical design and effectiveness of GRC measures in the interplay of people, strategies, technologies and processes. It is important to our customers that GRC measures for appropriate IT security are technically and operationally effective, and do not exist only on paper.
Our solutions include
- Security Management (ISMS according to ISO/IEC 27001:2013)
- Organizational Gap-analysis
- Creation of security guidelines, processes and procedures
- GDPR (DSGVO) compliant
- ISMS implementation on organizational level according to ISO/IEC 27001:2013 as well as BSI-100 series (basic protection)
- Security concepts / Controls
- Development of Incident Management
- Technical Compliance according to ISO/IEC 27001:2013
- Risk Management
- Risk assessment taking into account the results of security tests, business risk strategy and core business processes
- Integration of IT risk management into corporate risk management
- GDPR (DSGVO) implementation
- Privacy Assessments
- Privacy Capability Assessment
- Privacy Management
- ISMS for Privacy Management
- Privacy Implementation
- Privacy Architecture Engineering
- Process-Assessments
- Development of KPIs for measuring and monitoring IT security
- Acceptance of mandates
- as company data protection officer (bDSB)
- as safety officer (SiBe)
- Introduction of emergency management based on the standards BS 25999 or BSI-100-4
- Technical and legal expertise
Your contact person

Andreas Eichmann
Senior account manager
Tel. +49 2173 20363-0
Mail info-at-admeritia.de
Reference projects
- ISMS structure
- Area and transmission system operators
- Data protection mandates
- Various companies
- Risk analysis
- Various automation companies
Committee work
- Mirror committee NA 043-01-27
- DIN
- ISO IEC JTC1 SC27 (WG3 and WG4)
- ISO
- KITS Advisory board
- KITS
Lectures
- Practical report - Development of an ISMS at an area network operator
- VDE Symposium
- Sep 2016
- Security Safety (SIS) requirements in accordance with the IEC 61511 standard
- Safety & Security Forum
- Jul 2016
- Recommended implementation of a detailed risk assessment according to IEC 62443-2-1
- VDI Automation
- Jun 2015
Publications
- Security Safety (SIS) requirements in accordance with the IEC 61511 standard
- Automation 2016
- Jun 2016
- Recommended implementation of a detailed risk assessment according to IEC 62443-2-1
- VDI Automation
- Jun 2015
- ISMS: Pure paperwork or technically effective?
- EW
- Apr 2015