by ISO/IEC 27001 and BSI basic-protection
Those responsible for a company as a whole, or for its IT, tend to answer that question in the affirmative. Information technology (IT) has long affected all areas of business and society. Growing opportunities come with growing risk. Data with an ever-growing need for protection are entrusted to information technology. To sufficiently minimize the corresponding risk of using information technology, security-related functions must be part of a modern management approach.
Moreover, as a consequence of multiple pieces of legislation, those responsible for the company and its IT face liability not only within the company but also from a legal point of view. Here, it is important to understand that managing staff may be held liable with their private assets. In extreme cases, they may even face criminal prosecution in their capacity as legal representatives of the company.
Of course, you have already implemented comprehensive IT security measures in your company, but is that sufficient? The crucial point is the non-binding character of an internal system of regulations with respect to public authorities.
It is not just about complying with legal requirements, but also about transparency and controllability of the corporate organization. That especially includes security in information processing and well-functioning HR management.
The ability to demonstrate IT security in the company to third parties through a renowned certification is becoming more and more relevant and provides an indispensable basis of trust within the network of customer, supplier and partner relations, e.g. in the fields of e-business and e-commerce. Being able to provide evidence of an adequate and consistent level of protection to third parties is a reasonable aim. Besides that, legal provisions such as the Act on Control and Transparency in the Corporate Sphere (KonTraG) or the Basel II rating regime, which concerns the company's creditworthiness, explicitly demand operational risk management.
Get in touch with us!