Preparation for certification took nearly a year and now PROSTEP has reached the end of its marathon: The PLM consulting and software house is one of the first 800 German companies to receive coveted ISO 27001:2013 certification. PROSTEP is thus showing its customers just how seriously it takes the subject of data security and that their data is in good hands.
A few weeks ago, following an extensive examination of information and IT security, the external auditors from DQS recommended awarding PROSTEP ISO 27001:2013 certification. This certifies that the company complies with the requirements set out in the standard not only in terms of the security of its IT systems but also at the level of staff conduct. In their concluding report, the auditors praised the team at PROSTEP for their commitment to this process. Even though the organization was already very well positioned due to the many ISO 9001 audits it has undergone in the past, a number of weak points in terms of data security and data protection were eliminated during the past year.
Certification is not a one-off event but an ongoing process. The highly motivated Shield Team has laid the foundations for the long-term safeguarding of information and IT security throughout the company and now has the responsibility of continuously enhancing awareness. Post-audit also means pre-audit. PROSTEP will continue to conduct internal ISO 27001 audits. The next external certification audit by DQS will take place in September 2017.
As part of the continuous improvement process (CIP), it will be necessary to implement a number of measures designed to strengthen IT security over the next few months. In the short and medium term, PROSTEP expects threats from external attacks to increase further and this will have an impact on IT use.