Schmitz Cargobull is now also certified to ISO 27001. The handover of the certificate for the information security management system (ISMS) took place at the IAA Transportation. For this, representatives of DQS, an organisation for the certification of management systems, and representatives of the specialist departments involved met at the Schmitz Cargobull trade fair stand.
The importance of information and IT system security has increased immensely in recent years. By introducing an information security management system (ISMS) compliant with ISO 27001 to manage and continuously improve information security, Schmitz Cargobull is providing a clear direction for standardised compliance with these principles in line with its business objectives and corporate philosophy. The framework conditions of the ISMS are set by relevant laws, standards, regulations and contractual requirements. Schmitz Cargobull AG checks their fulfilment in regular reviews and through internal and external audits. Changes are regularly evaluated and incorporated as part of the continuous improvement process.
“Even though the title only mentions ISO 27001, it must first be noted that it is basically about an entire series of standards known as ISO/IEC 27000, the consistent theme of which is information security, that is, the security of information processing in organisations,” explains Michael Schöller, Head of IT Infrastructure & Services at Schmitz Cargobull. “ISO 27001 is the central part of this series, because it sets out the specifications for an ISMS. As such, it is, so to speak, superior to all other standards in this series. The series itself includes a collection of topic-specific or industry-specific standards, and is very comprehensive in its scope, although only partially realised and published”.
Given the complexity of the matter and the rapid progress of information technology, the information security management system (ISMS) promotes risk awareness and assists in the development and implementation of solutions for the security of information and its environment.
ISO 27001 has its origins in an older British standard (BS7799:1995) and was first published in English in 2005 (German version in 2008), and then in a new, revised version in 2013. In March 2015 this version was also published in German. Two technical corrections appeared in October 2014 and December 2015, prompting a 2017-06 rewrite of ISO 27001 and ISO 27002 in German.
Alongside ISO 9001, the most successful management standard, ISO 27001 has also achieved a high level of international acceptance. This can be seen from the fact that it has found its way into tender documents and security catalogues both nationally and internationally, and some 40,000 organisations worldwide are now certified to this standard, a number that is constantly growing.