ISO 27001 Certification - Trigonum - Management Systems for Information Security and Data Protection Based on Microsoft 365

ISO 27001 and TISAX Certification

Have you decided to certify your company's Information Security Management System (ISMS)? In an independent audit, our auditors review the implementation of the requirements of the respective certification procedures and provide recommendations for your path towards certification by an accredited certification service provider.

More and more customers are demanding clear proof from their suppliers that an efficient Information Security Management System has been established.

For example, the German Association of the Automotive Industry (VDA) recommends that its members establish an Information Security Management System according to ISO 27001. Increasingly, companies working for clients in the automotive industry require TISAX certification or TISAX approval, without which no new contracts from the automotive industry will be available in the future. This is also based on the ISO 27001 standard.

Companies operating in critical infrastructure sectors must demonstrate to the Federal Office for Information Security (BSI) that they have made suitable arrangements to avoid disruptions to the availability, integrity, authenticity, and confidentiality of their IT systems, components, or processes that are critical to the functionality of their operated critical infrastructure. ISO 27001 is also an important basis for this.

ISO 27001 certification is becoming increasingly important and is a key requirement in many industries to be recognized as a reliable partner for customers.

If you have decided to certify your company's Information Security Management System (ISMS) to ISO 27001, you can hire us to coordinate or conduct the certification process. We work with renowned certification bodies and licensed ISO 27001 auditors based on IT-Grundschutz as well as TISAX auditors. In an independent audit by auditors from the respective certification body, the implementation of the requirements according to the certification procedure is reviewed, and upon success, the certificate is recommended for issuance.

Before an audit begins, the certification body must have the complete certification application. The application includes information about the applicant and a description of the object of the audit, as well as an independence declaration from the auditor.

The audit is then conducted in two steps:

  • Review and evaluation of the reference documents provided by the company (e.g., IT security policy, risk assessments, results of basic security checks, risk analyses, etc.).
  • On-site audit at the company, where the implementation of the documented matters is assessed through random sampling. Any deficiencies found during the document review or on-site audit can be corrected within a timeframe specified by the auditor.

If the audit result is positive, the auditor sends the audit report to the certification body. The certification body reviews the audit report for completeness, traceability, and reproducibility of the findings. Upon successful completion of this review process, the certification body issues the certificate.

Our Services

  • Conducting internal ISMS audits
  • Simulating a certification audit and preparing employees for the certification date
  • Assessing the maturity level of your ISMS and IT infrastructure
  • Identifying discrepancies that may hinder certification
  • Assisting in the selection of a certification service provider
  • Performing ISO 27001 certification audits on behalf of our certification partners

What Sets Us Apart

Comprehensive Solution and Implementation Expertise

Our experienced and highly qualified data protection and information security team has interdisciplinary expertise in the fields of data protection, information security, law, and IT. The team includes lawyers, computer scientists, economists, certified data protection officers, ISO 20000 auditors, IT security officers, as well as ISO 27001 auditors and ISO 27001 lead auditors. They support you in complying with legal requirements as external data protection officers. Through continuous training and knowledge exchange in data protection and IT and information security, our consultants maintain a high level of expertise and stay up-to-date.

Knowledge Transfer through Participation in International Certification Bodies and Expert Networks

Our staff participate in international expert groups, moderate forums, and work as external auditors for internationally active certification bodies. This ensures that our clients have access to up-to-date expert knowledge and information on current trends in the field of information security.

Global Implementation of Management Systems

Trigonum has implemented information security management projects on all five continents. We know how to bring together different cultures to implement global information security standards within your company.

Extensive Experience

Our consultants have years of practical, leadership, and project experience in the fields of data protection, information security, organizational development, and business processes in different sectors and industries, from SMEs to large corporations. Our team combines decades of know-how and experience in implementing information security requirements, as well as building, operating, and advancing information security management systems. The broad spectrum of our proven methods, procedures, and solutions allows for a holistic approach to problem-solving, helping to avoid mistakes.

Increased Security with Certified and Experienced Consultants

For your safety and documentation, our consultants hold various certifications from organizations such as TÜV Rheinland, TÜV Nord, DEKRA, the Data Protection Certification Society (DSZ), and the Federal Office for Information Security (BSI). They serve as certified data protection officers, data protection auditors (DSZ), ISO 27001 lead auditors, ISO 27001 audit team leaders for BSI, IT baseline protection auditors (BSI), ISO 20000 auditors, and IT security officers, providing more security for your business.

Personalized Consultation at Eye Level

Together with you, we develop practical solutions tailored to your company’s needs in an open and personal exchange. We aim to take into account your wishes, ideas, and requirements in the customized solutions we develop.

Tool-Supported Methods to Review Security Structures in Your Company

With our ISMS tool TRIGOvernance, we offer you a unified platform for managing information security. This innovative tool for integrated management systems combines document management, document control, information classification, asset and risk management, processing descriptions, as well as audit and task management. Our customers benefit from the ability to centralize all information and solution components in one place. Processes are simplified, and synergies are leveraged for the representation of different management systems.

Tailored Solutions

Since each company faces different requirements and challenges, we develop customized solutions with you. Your individual needs and requirements are at the center of our approach. Our information security solutions are customer-oriented, take into account the specific conditions of your business, and adhere to high-quality standards. Thanks to our extensive practical experience, we can adapt to your company’s unique situation and implement tailored solutions together.

Targeted Training Programs

We offer targeted training programs tailored specifically to the employees who need awareness training. This ensures that the content is effectively communicated, with a focus on the key aspects of information security. Additionally, we provide specialized training for departments particularly impacted by information security.

ISO 27001 Certification – What Are the Benefits?

  • Strong external impact
  • Opportunity for new customer acquisition
  • More orders through improved supplier ratings
  • Better conditions
  • Structured emergency management to ensure system availability for critical business processes
  • Proof of security to third parties by meeting a globally recognized standard (ISO 27001)
  • Awareness and control of IT risks (residual risks)
  • Transparent processes and optimized structures as a basis for sustainable cost and performance optimization
  • ISO 27001 certification can serve as proof of IT operations compliance for the annual financial audit
  • Minimization of IT risks, potential damages, and follow-up costs
  • Security of your IT systems and processes, as well as confidentiality of your data
  • Competitive advantage through proof of an internationally recognized certificate
  • Increased trust from stakeholders, customers, and the public
  • Systematic identification of vulnerabilities
  • Security becomes an integral part of your business processes

If you would like to learn more about ISO 27001, feel free to contact us!

Direct Contact with Trigonum:
+49 40 3199 1618 0
Trigonum GmbH
Notkestrasse 9
22607 Hamburg