atrify is ISO certified - our path to ISMS @ atrify

atrify has successfully completed ISO/IEC 27001:2013 certification and adapted the operation of an information security management system (ISMS for short) to atrify.

We offer our customers simple, secure, reliable and problem-free management of product content via our cloud-based platform. This requires a high level of quality and information security in our processes and the technology used.

ISO/IEC 27001:2013 - the internationally recognized information security standard
ISO/IEC 27001:2013 is an internationally recognized information security standard that specifies the framework for the secure operation of an information security management system (ISMS). An ISMS defines rules and methods to ensure information security in a company. With certification according to ISO/IEC 27001:2013, we can guarantee our customers state-of-the-art information security.

The reliability of company-related information processing is of strategic importance for secure business transactions and the basis for many decision-making processes. It is imperative to protect the information in atrify's area of responsibility. The aim is to protect it against unacceptable and improper use, misuse, disclosure, modification, loss and destruction, and to ensure sufficient availability of the information and of the information processing facilities, such as servers.

Safe and responsible handling of data is our core business
Secure and responsible handling of data is our core business, and the particular sensitivity required in handling information determines our day-to-day business.
For this reason, atrify has decided to have this procedure certified and has established an information security management system (ISMS) in accordance with the international standard ISO/IEC 27001:2013.

Our way to the ISMS
Atrify, formerly 1WorldSync, had been using an existing ISMS for several years. In the course of the re-establishment of atrify, the company management asked me whether I would like to take on the role of Chief Information Security Officer (CISO), adapt the ISMS to atrify and, above all, align it with the agile corporate philosophy. As the head of our internal IT department, I have always been interested in information security, and I have worked with my team for many years to ensure that the relevant ISMS processes are adhered to precisely. With the confidence placed in me to build an “atrify-like” ISMS, I gladly accepted the challenge.

Scope atrify ISMS
The atrify ISMS is an information security management system that manages all customer information that is under the control or ownership of atrify GmbH and is housed in the atrify facilities. The scope of the ISMS includes the systems, technologies and processes that atrify GmbH uses in its European facilities for processing, managing and delivering product content to its international customers. In addition, the scope is defined taking into account the external and internal context of the organization, the requirements of interested parties such as customers and regulators, and the boundaries with third parties.

Milestones ISMS
Before it really started, I first received extensive training and looked for external support. It was important to me to find a company whose ideas about operating an ISMS would match ours as exactly as possible. We created a gap analysis of the existing documentation and processes and, based on this, defined the necessary milestones up to a certifiable ISMS.

  1. Definition of the context
  2. Leadership in the ISMS
  3. Planning the ISMS
  4. Support in the ISMS
  5. Operation of the ISMS
  6. Evaluation of performance
  7. Improvements
  8. Implementation of measures up to ISO certification

The audits
Two audit stages are required for the initial certification according to ISO/IEC 27001. The stage 1 audit checks whether the existing ISMS is certifiable and whether the organization is approved for the stage 2 audit. The stage 2 audit then checks whether the organization's own guidelines ei
