Andreas Wisler
CSMO of goSecurity GmbH

Information security: steps to a successful implementation

The legal and regulatory requirements for information security are becoming more complex, and companies want to keep their data secure from threats and attacks. To demonstrate to partners, suppliers and customers that they are tackling these issues, certification is becoming increasingly important.

ISO 27001 is an information security standard that specifies how to establish and maintain an Information Security Management System (ISMS); certification against it attests to a company's efforts towards a successful implementation of information security.

Obtaining the certification, however, is a complex process. Andreas Wisler, an expert in the field, explains the procedure, its importance, and what companies need to do to obtain ISO 27001 certification.

1. When a company decides to obtain the ISO 27001 certification, what are the prerequisites it needs to comply with first?

Andreas Wisler: The first step requires the identification of the company’s own processes. These are assigned a criticality level, for example: low, medium, high. The second step consists of naming and allocating assets, such as servers, networks, patents, ideas, clients, etc., to the processes. These are attributed with the highest level of criticality. The third step is to apply a risk analysis to the medium and high urgency-labelled processes. This leads to a set of precise measures that need to be taken.

2. How can a company make sure that security of information is prioritised and implemented on an ongoing basis?

Andreas Wisler: The standard requires backup from the management team that is explicitly asked to provide the necessary assets - people, time, budget, and other resources. At least once a year, the management must undergo a management review. This ensures that the information security has the significance and attention it deserves.

3. What is the most important lesson young companies like Sherpany need to understand while in the process of obtaining the ISO/IEC 27001 certification?

Andreas Wisler: Security is an ongoing process. It is not enough to just do something once. Requirements are in a constant state of flux. Therefore, the information security needs to be regularly adjusted to new conditions and changing circumstances. This guarantees that data and information are handled in a more secure way.
