Technical Compliance


An appropriate security level for your ISMS

How do you maintain the technical compliance of your certified security management? We show you solutions that not only achieve compliance but also reach a security level that is appropriate both economically and in terms of risk, and that ensure your ISMS remains technically effective in accordance with ISO/IEC 27001:2013. Furthermore, we give you the certainty that you meet all requirements for certification according to DIN ISO/IEC 27001:2015-02. In addition, you can be sure that your implemented security measures are effective.

Conventional ISMS audits lack an integrated perspective, since their results do not build on each other. In addition, processes (risk, security, change, development and operational processes), which are the most important link between the individual ISMS components, are not considered.

Likewise, the interaction between technical and organizational factors is not considered in island audits.

Tech Compliance Solutions

Our solution consists of an extended Security Assessment, comprising modules to review:

  • ISMS-maturity according to ISO/IEC 27004:2009, ISO/IEC 27007:2011
  • Effectiveness of security controls according to ISO/IEC TR 27008:2011
  • Process maturity according to CMMI
  • The results of this assessment are prepared as KPIs

Our test method ensures the validity and reproducibility of results. Taken together, the combined use of the above-mentioned methods provides the Technical Compliance required by the standard and a significantly increased IT security level.

Your contact

Manfred Peine

Senior Account Manager
Tel. 02173 20363-0
Mail info-at-admeritia.de

Reference projects

  • Extended Security Assessment
    • Area network operators (power/gas)
  • Extended Security Assessment
    • Network provider (telecommunication)
  • Technical Gap Analysis
    • Multiple network operation (power/gas)


Committee work

  • ISO IEC JTC1 SC27 (WG3 and WG4)
    • ISO
  • Mirror committee NA 043-01-27
    • DIN
  • ISECOM-Board
    • ISECOM


Lectures

  • Operationalization of a network operator ISMS
    • AK IT-SiBe EVU
    • Nov 2016
  • ISMS Introduction at EVU - Problems and Pitfalls
    • AK IT-SiBe EVU
    • Jun 2016
  • Technical Tests for ICS-systems
    • 14. Deutscher IT-Sicherheits-Kongress
    • May 2015
  • Security Level Monitoring - Monitoring and visualizing security
    • BITKOM Security Conference
    • Mar 2014


Publications

  • Technical Tests for ICS-systems
    • 14. German IT Security Congress
    • May 2015
  • Technical Security Tests for ICS-Anlagen
    • SPS IPC Drives Kongress
    • Nov 2014
