primion first supplier with ISO/IEC 27001:2013 for "Time & Security"
primion Technology GmbH is the first company in Germany to receive ISO/IEC 27001:2013 certification for information security in the area of "Time & Security". In this way, primion Technology GmbH is able to offer its customers greater reliability and security. Customers do not need to carry out their own audit to ensure that their information security requirements are met. These are described in detail in ISO/IEC 27001:2013.
primion Technology GmbH has extended its integrated management system, which already covers DIN EN ISO 9001:2015 and DIN EN ISO 14001:2015, to include this coveted certificate. The extension impressively documents the reliability of its processes for handling sensitive customer data within the scope of hardware and software development for access control, time and attendance, shop floor data collection and hazard management systems. Based on the provisions of ISO/IEC 27001, it covers ensuring and maintaining the confidentiality, integrity and availability (CIA) of information.
Data security is guaranteed
The TÜV SÜD auditor carried out the audit at the headquarters in Stetten am kalten Markt; TÜV SÜD Management Service GmbH was subsequently responsible for the veto check, which was successfully completed on 30 September 2019. This makes the IT system house for access control, time recording and security technology the only company in Germany to date with a certified information security management system in the "Time & Security" area.
Competitive advantage and security gain
ISO 27001 encompasses a comprehensive security concept independent of industry and size that reflects the company's self-interest. The implementation of the security concept and the additional certificate for information security that has now been acquired are a clear competitive advantage for primion. They impressively document that the legal requirements are met, that the (IT) risk can be recognized and classified within the company and, above all, that it can be minimized, thus guaranteeing customers and clients a high standard.
Certification to ISO 27001 is not required by law. Irrespective of this, ISO 27001 facilitates compliance with legal requirements and offers many entrepreneurial advantages. This certification can be used to prove, for example, that the security requirements and the technical and organisational measures in accordance with Art. 28 GDPR (contract processors), Art. 5 GDPR (processing principles), Art. 32 GDPR (security of processing) and § 64 BDSG (data processing security requirements) are fulfilled and complied with.
Information security according to ISO/IEC 27001
- Confidentiality: Protection of information against unauthorized disclosure
- Integrity: Protection of information from modification, insertion, deletion, reordering, duplication or replay
- Information availability: Ensuring the accessibility and usability of information for authorized instances (Availability)
- Authenticity: Authenticity of information or identities.
- Attributability: assumption of responsibility, accountability and/or liability for information values (Assets)
- Commitment: Nobody can deny the sending or receiving of information (Proof of Origin, Proof of Delivery).
- Reliability: Ensuring consistent behaviour and delivery of intended results by a person or entity (Consistent Delivery).