Two people and a small figure in front of a large blue shield with a padlock, above it the text 'ISO 27001:2022', surrounded by gears and connecting lines.

ISO 27001:2022 at Pond Security

For us, information security is not a project, but part of our everyday routine. With ISO 27001:2022 certification, we demonstrate that our information security management system functions reliably, is regularly audited, and is continuously improved.

What lies behind ISO 27001:2022

ISO/IEC 27001 is the globally recognized standard for information security management systems (ISMS). It describes requirements for systematically protecting information, assessing and controlling risks, and continuously improving processes. This is crucial for security companies because our customers' data, processes, and infrastructures are particularly sensitive. Annex A of the standard provides the corresponding library of measures, which is explained in detail in ISO/IEC 27002.

What's new in the 2022 version

The 2022 version reorganizes Annex A. Instead of 14 domains, there are now four topics: Organizational, People, Physical, Technological. The number of measures has been consolidated from 114 to 93. At the same time, eleven new controls have been added. In addition, several controls have been merged, and each control has been assigned attributes and a purpose. This allows the controls to be mapped to more modern threats such as cloud or supply chain risks.

The four topics at a glance

93 controls

This structure with 93 controls forms the basis of our technical and organizational measures.

Our scope at Pond Security

Our certification covers Pond Security's defined ISMS scope. This includes the relevant business areas, locations, and core processes. The scope specifies which services, interfaces, and dependencies are covered, thereby providing clarity for customers in tenders and audits.

How our ISMS works in everyday life

We manage information security using the PDCA cycle: Plan, Do, Check, Act, with clear roles, guidelines, procedures, and evidence. Key elements include risk management, the Statement of Applicability (SoA) for selecting controls, internal audits, and management reviews. This mechanism corresponds to the core of ISO 27001, while Annex A provides the specific measures.

PDCA cycle: Plan, Do, Check, Act

Annex A in practice. Examples from the four topics

Annex A

Organizational: Supplier management and information classification, for example contract specifications and risk and performance controls along the supply chain.

People: Security awareness, training rates, authorizations throughout the employee lifecycle.

Physical: Multi-level access concepts for locations, technical and organizational protective measures.

Technological: Network segmentation, encryption, logging, continuous monitoring, vulnerability and patch management.

What certification brings you

Benefits of ISO 27001

Verifiable security: An independent auditor reviews the introduction, implementation, and effectiveness of our ISMS.

Reliability in tenders: Clear scope, traceable controls, recognized test cycles.

Risk transparency: Systematic identification, assessment, and treatment of risks.

How an ISO 27001 audit works

Certification takes place in two stages. In Stage 1, the auditor checks documentation and maturity. In Stage 2, the auditor evaluates practical effectiveness. After successful certification, the certificate is typically valid for three years. Annual surveillance audits follow, and at the end of the period, recertification takes place.

Governance and continuous improvement

We continuously measure and improve, for example, using key figures on incidents, training rates, and audit findings. Deviations are addressed with corrective measures. Stakeholder feedback from projects, supplier evaluations, and customer feedback flows directly into the PDCA cycle. This ensures the quality and maturity of our ISMS.

Interconnection with other requirements


Our ISMS can be efficiently combined with other management systems, such as quality management according to ISO 9001 or emergency and continuity management. The 2022 revision promotes this harmonization. Requirements from data protection and industry-specific regulations are also addressed in a structured manner.

Send us your request today!

Frequently asked questions about ISO 27001:2022

It applies to the scope defined in the certificate. We specify the specific scope in quotations and upon request.

Annex A now comprises 93 controls instead of 114, grouped into four topics. This is due to consolidations, new controls, and modernized descriptions.

Stage 1 assesses documentation and maturity. Stage 2 examines implementation and effectiveness in practice. This is followed by annual surveillance audits and recertification after three years.

ISO 27001 contains the requirements for the management system, while ISO 27002 provides implementation guidance and explanations of the controls.

If you have any further questions, please do not hesitate to contact us.

Your trusted security partner.

Leading companies and institutions rely on Pond Security. Our security solutions protect well-known organizations in industry, commerce and the public sector nationwide.