ISO 27001 - Information security

The gold standard certification for information security. ISO 27001 enables organizations to demonstrate that they have implemented a robust information security management system that protects them from data loss, cyber-attacks and other threats.

ISO 27799 - Information security in healthcare

The pioneering standard for the healthcare sector. Designed to ensure the confidentiality, integrity and availability of sensitive healthcare data, ISO 27799 provides clear guidance for information security management in healthcare.

Risk management for medical IT networks

The standard Application of risk management for IT networks containing medical devices (EN 80001-1:2011) is primarily intended for operators of medical IT networks (hospitals, care facilities and doctors' surgeries, etc.). Like all standards, this standard is not directly mandatory. However, operators of inpatient treatment (hospitals) in particular are obliged to implement it in accordance with Section 75c SGB-V and the industry-specific security standard specified therein. For operators outside of this context (care facilities, medical practices, etc.), however, implementation is recommended in order to counteract possible liability claims. Implementation and documentation are not subject to any formal requirements.

Payment Card Industry Data Security Standard

This standard, usually abbreviated to PCI or PCI-DSS, is a set of rules for payment transactions that relates to the processing of credit card transactions and is supported by all major credit card organizations.

Critical infrastructures or their associations can specify in "sector-specific security standards" (B3S) how the state of the art requirements can be met. B3S can be submitted to the BSI to determine suitability. There is no legal obligation to draw up a B3S. However, the creation of a B3S is an opportunity for industries to formulate their own "state of the art" requirements based on their expertise. Furthermore, operators who have themselves audited according to such a recognized B3S have legal certainty regarding the "state of the art" that is required and checked during an audit.

IT-Grundschutz is a freely available procedure developed by the German Federal Office for Information Security (BSI) for implementing a holistic information security management system (ISMS) in institutions (authorities, companies and organizations). The main works of IT Grundschutz are the BSI standards and the IT Grundschutz compendium. Together, they represent a de facto standard for IT security according to the BSI.

Zero Trust is an important tool for preventing cyberattacks by distrusting all assets on the network and requiring unique authentication for each network connection. ARP-GUARD provides a unique identity check for all devices and enables maximum transparency, control and security for your network, regardless of the size of the company and the network technology used.