Companies and public administration agencies are increasingly
being put under pressure. More and more customers and partners, who have business contacts
with them, expect that they can prove, for their IT integrated system, the implementation
of all necessary security standards measures and a defined IT security level within their
IT infrastructure.
 This
has been recognised by the German Information
Security Agency (GISA), which at the beginning of the year introduced a Security Certificate
on the basis of the generally recognised IT Security Handbook. The certificate can be obtained
by companies and governmental agencies if the integrated IT system meets the requirements
for basic protection and this is confirmed by an independent licensed auditor. As an intermediate
step there is also the possibility of a self-declaration which can be submitted by the respective
organisation itself and can be, if requested, substantiated by the appraisal of an auditor.
Interested parties can, since July 2002, also be audited by a GISA-approved basic protection
auditor, by IABG. Companies/agencies which have obtained a positive audit receive, analogously
to quality or environmental management certificates, an IT security certificate valid for
two years issued by GISA. This IT security certificate documents cogently compliance with
the security measures. It strengthens the relationship of trust with customers and business
partners and documents over and above this the investments made in IT security. IT experts
expect that the possession of such a security certificate will, in the medium term, be linked
to noticeable competitive advantages.
This insight is not illusory but results in the final instance from long years of experience.
IABG has long been a GISA-accredited and licensed tester for IT systems and products in
accordance with internationally recognised 'Common Criteria' evaluation criteria and compiles
IT security concepts for many companies and governmental agencies.
08/01/02
printerfriendly Version |
