STL GmbH ISO/IEC 27001:2022 Re-Certification 2026–2027 – Commitment to Information Security Confirmed

STL GmbH has successfully completed its re-certification according to ISO/IEC 27001:2022. The independent audit was carried out by QAS International. This once again confirms our continuous commitment to information security, secure processes and the responsible handling of data.

For us, certification is more than just formal proof. Rather, it is an important part of our daily work and demonstrates that information security at STL is structured, verifiable and permanently embedded in our processes.

Especially in the context of digital solutions, cloud-based applications and sensitive customer data, a systematic approach to information security is essential. ISO/IEC 27001:2022 defines requirements for the implementation, operation, maintenance and continuous improvement of an information security management system, or ISMS. In particular, the aim is to protect confidential information, manage risks effectively and ensure the availability and integrity of data.

Audited and Confirmed by QAS International GmbH

The certification was carried out by the independent certification body QAS International GmbH. As part of the audit, our information security management system was thoroughly reviewed for effectiveness and conformity with the requirements of ISO/IEC 27001:2022.

The scope of the certification covers our information security management system.

Consequently, this confirms that STL has effective processes in place to manage, review and continuously improve information security in the relevant areas of the company.

ISO/IEC 27001:2022 certificate of STL GmbH

What We Further Developed as Part of the Certification

The renewed certification confirms existing standards and supports the continuous improvement of our security measures. Over the past year, we implemented various technical and organizational measures to strengthen our ISMS. These measures also enhance the security of our software and internal processes.

Centralization of Identity Management

One important step was the further centralization of our identity management. In the first step, this applies in particular to access to our hosting servers.

By centrally managing user accounts and access rights, permissions can be assigned, reviewed and revoked more consistently. This increases transparency and reduces risks associated with access to critical systems.

Especially in hosting environments, clear and controlled user management is a key component of information security. In this way, it helps ensure that only authorized persons have access to sensitive systems.

Optimized Infrastructure for Build and Deployment

We have also further developed our infrastructure for build and deployment processes. To continue delivering cimoio securely, reliably and on time, we expanded the required server infrastructure. This was achieved by adding a second server.

As a result, throughput is increased when providing new versions. This also helps us support additional customer installations more effectively. At the same time, the expanded infrastructure improves fail-safety: if one of the servers is unavailable, operations remain better secured through the additional infrastructure.

For our customers, this means greater stability and more reliable delivery of updates. It also provides a technical foundation that can grow with increasing requirements.

Adaptation of the Security Architecture in the New Office

As part of our move in November 2025, we also adapted our internal security architecture. This adaptation aligns it with the network infrastructure of our new office.

In this way, we ensure that our security measures are consistently implemented across development, hosting and our workplace. For us, information security does not end with the application itself; it also includes the organizational and technical conditions under which we work.

Regular Audits of Key Security Processes

Another important part of our information security management system is regular audits. Among other things, we review processes in the areas of recovery and user management.

Such audits help us critically examine existing procedures, identify weaknesses at an early stage and implement improvements in a targeted manner. In particular, an important question is whether defined processes function reliably in an emergency, for example when restoring systems or reviewing user rights.

Regular audits therefore make an important contribution to the continuous improvement of our ISMS.

Additional Security Features in cimoio

Security features have also been further developed within our software cimoio. From version 4.3 onwards, it is possible to restrict entries in HTML fields to permitted elements.

The feature provides more precise control over which content may be processed and displayed in the corresponding fields. As a result, potential risks when entering and processing HTML content can be further reduced.

In this way, users benefit from more control and additional security when working with individual content within the software.

A Clear Signal to Customers and Partners

With the renewed ISO/IEC 27001:2022 certification, we are sending a clear signal to our customers, partners and employees: information security is a high priority at STL and is being continuously developed.

The certification shows that our processes are not only defined internally, but also audited externally. In addition, it confirms our commitment to protecting information responsibly, systematically assessing risks and regularly reviewing security measures.

At the same time, we do not see information security as a one-time project, but as an ongoing process. New technical requirements, growing customer expectations and changing threat landscapes make it necessary to regularly review and further develop security measures.

Special thanks go to all employees who contribute to information security at STL every day. After all, successful certification is not the achievement of a single individual, but the result of shared responsibility, clear processes and consistent implementation.

Do you have feedback?

Would you like to learn more about our ISO/IEC 27001:2022 certification or our information security measures? Please feel free to contact us.