STL GmbH successfully certified according to ISO/IEC 27001:2022
STL GmbH ISO-certified
We are pleased to announce that STL GmbH has been successfully certified according to ISO/IEC 27001:2022 since June 28, 2024. This significant award underlines our commitment to the highest standards of information security and the protection of sensitive data. The approved management system covers the scope “Development and operation of software and services for training, learning and qualification management.” In other words: for our product cimoio, which is used by our customers as a system for learning management and training management.
In this blog post, we explain what this certification means, what benefits it brings for our customers and what steps were necessary to obtain this certification.
What is ISO/IEC 27001:2022?
ISO/IEC 27001:2022 is an international standard that defines the requirements for an information security management system (ISMS). An ISMS is a systematic approach that encompasses people, processes and IT systems to manage information security risks. The standard specifies how an organization identifies, assesses and manages information security risks to ensure the confidentiality, integrity and availability of information.
The 2022 version of ISO/IEC 27001 has been updated to reflect the latest developments and threats in information security. It includes new requirements and clarifications to ensure that the standard keeps pace with the rapidly changing technological landscape.
Why is STL GmbH certified?
Our LMS cimoio is a software system in which we manage personal data in each of our customer projects. On the one hand, this is data from our customers’ employees. On the other hand, it also includes data from employees of our customers’ customers. This data is managed in cimoio primarily for participants.
Our customers have trusted us with their sometimes sensitive data for over 20 years. And we want to honor this trust by not only doing everything in our power internally to protect the data, but also by having this officially confirmed. For this reason, STL GmbH has decided to obtain ISO certification.
Content and scope of the certification
ISO/IEC 27001:2022 certification covers various aspects of information security management. These include, among others:
1. Risk management: Identifying and assessing information security risks and implementing risk mitigation measures.
2. Security policies: Developing and implementing security policies that ensure the secure handling of information.
3. Organization of information security: Defining responsibilities and accountabilities within the company.
4. Employee training and awareness: Training employees in security issues and raising their awareness of information security.
5. Access control: Ensuring that only authorized persons have access to sensitive information.
6. Cryptography: Use of encryption techniques to protect data.
7. Physical and environmental security: Protecting physical locations and IT infrastructure.
8. Operational security: Measures to ensure the secure operation of IT systems and processes.
9. Communication security: Protection of information during transmission.
10. Supplier relationships: Management of security risks that may arise from third-party vendors.
11. Information security incidents: Managing and responding to security incidents.
12. Continuity management: Ensuring business continuity in the event of disruptions or outages.
13. Compliance with legal and regulatory requirements: Ensure compliance with relevant laws and regulations.
Advantages for our customers
ISO/IEC 27001:2022 certification brings numerous benefits for our customers:
1. Trust and reliability: Certification shows that we are committed to maintaining the highest standards of information security. Customers can rest assured that their data is safe with us.
2. Risk minimization: Through our ISMS, we proactively identify and mitigate security risks, which reduces the likelihood of security incidents.
3. Transparency and clarity: Certification ensures clear processes and guidelines for handling information, which leads to improved transparency.
4. Compliance with legal requirements: Our certification helps us to comply with legal and regulatory requirements, which is a decisive criterion for many customers.
5. Continuous improvement: The standard requires continuous improvement of the ISMS, which means that we are always striving to optimize and adapt our security measures.
6. Competitive advantage: As a certified company, we can differentiate ourselves from competitors and emphasize our commitment to security and quality. We hope to increase our customer base. This benefits all customers, because with STL GmbH’s business model, all customers benefit from system customizations in cimoio.
Steps to obtain the certification
Several steps were required to obtain ISO/IEC 27001:2022 certification:
1. Preparation and planning: Thorough preparation is required. This includes defining the scope of the ISMS and conducting a risk analysis.
2. Development and implementation of the ISMS: Setting up an ISMS in accordance with the requirements of the standard, including the creation of security policies and processes.
3. Employee training and awareness: Training employees in the security policies and processes to ensure that everyone involved understands their role in the ISMS.
4. Internal audits: Conduct internal audits to review the effectiveness of the ISMS and identify opportunities for improvement.
5. Management review: Management must regularly review the ISMS to ensure it remains effective and compliant.
6. External audit: An independent, accredited auditor reviews the ISMS and ensures that it meets the requirements of ISO/IEC 27001:2022.
7. Certification: Following a successful audit, certification is granted, which is usually valid for one year, subject to regular surveillance audits.
Significance of the certification
The ISO/IEC 27001:2022 certification is a significant milestone for STL GmbH. It confirms that we have a robust and effective information security management system that meets the highest international standards. This recognition shows that we continuously strive to protect the confidentiality, integrity and availability of the information entrusted to us.
Audited management standard and scope
During the certification process, the following management standard was audited and approved:
ISO/IEC 27001:2022
Information security management system
The approved management system covers the scope:
Development and operation of software and services for training, learning and qualification management.
This audit and approval by independent auditors confirms that our information security management system meets all the requirements of ISO/IEC 27001:2022 and has been effectively implemented.
Conclusion
The ISO/IEC 27001:2022 certification is a testament to STL GmbH’s commitment to information security and demonstrates that we adhere to the highest international standards. We are proud to have received this certification and look forward to continuing to provide secure and reliable services to our customers. The continuous improvement of our security measures remains a key part of our corporate strategy to ensure the protection of our clients’ information at all times.
Do you have feedback?
If you have any questions about our review or would like more information, please use the contact form to let us know what you think!