Every other year, operators of critical infrastructures have to prove to the German Federal Office for Information Security that they have implemented security measures to current technological standards. Regardless of which audit basis you choose, you are required to implement an ISMS according to ISO 27001, a BCMS and a risk management system in order to control the actual technical and organisational measures. And this is where TTS trax’ strengths come into play.
B3S Implementation
Once you have decided on a sector-specific safety standard as the basis for testing, TTS trax can provide you with comprehensive assistance in preparing for the BSIG §8a audit.
The increasing importance of information security in general, as well as new legal, regulatory and customer-specific requirements, motivates companies in almost all sectors to set up and operate an information security management system (ISMS) in accordance with the requirements of ISO 27001. Due to the scope and/or complexity of the required topics, such as the implementation of risk management, IT-based support for ISMS activities is almost indispensable.
TTS trax can support you throughout all phases of the process, starting with the setup, operation and audit of your ISMS.
It is no longer a matter of choice: every company has to protect itself against cyber attacks and data loss/manipulation. Information processing has gained tremendous importance, and the methods and procedures for processing business-relevant information have become correspondingly more complex. The threat level is growing, as are legal and contractual requirements, including liability issues.
Where the effects of measures are uncertain, any management should include opportunity and risk management. In this context, it is important to weigh up returns and risks before making a decision. The goal in establishing effective risk management should be to implement an enterprise-wide process that ensures that all risks to business processes can be fully identified, assessed, tracked and treated. Without the support of an efficient tool, this task is hard to accomplish.
With TTS trax, you are able to analyse your risks based on a model of ‘information processing versus threats to information processing’ and plan and track measures for an appropriate risk level. TTS trax is based on practical experience and has proven its effectiveness in a wide range of companies across sectors. This success is first and foremost due to the fact that a lot of emphasis has been placed on achieving a high level of transparency of the actual risks relevant to liability and on supporting control of the implementation of measures in operations. A sophisticated forms system, drill-down overviews, task-specific views and reports, as well as an intelligent filter system are just a few reasons why TTS trax not only meets the common standards for establishing risk management, but actually realises an operational development and helps secure the fate of a company in a risk-based manner.
That way, TTS trax turns the compulsory exercise of risk management into real added value for the company.
With the increasing digitalisation of all business processes, the risk of security incidents naturally increases as well. That is why it is crucial that risks are identified early on in a project and that suitable measures are planned. Regardless of whether you proceed according to the waterfall model or an agile approach, with TTS trax you can work on risks and measures throughout the different project phases or sprints.
With TTS trax, the risks of your digitalisation strategy become transparent and comprehensible, and a decision about a go-live is supported in the best possible way.
When commonalities count instead of differences
Within any company, there are several disciplines that need to be properly managed on the basis of a systematic approach. Whichever corporate discipline is considered, a model of all relevant processes and procedures is required first in order to be able to manage it. With regard to information security and data protection, a model of information processing and data processing respectively is needed. Ideally, that model should be one and the same!
In TTS trax, much emphasis has been placed on integrating data protection with information security activities. This supports a large part of the GDPR requirements, e.g. it is possible to
Overall, this opens up significant potential for savings and, above all, leads to consistent assessments and results.
Trax supports you with the BCM module in analyzing the impact of emergency scenarios on business processes in order to develop a planned and organized approach to emergencies and thereby ensure the continuity of business operations.
In the Business Impact Analysis, you systematically identify your organization's requirements for BCMS response and recovery processes. You define possible BCM scenarios, such as a power outage or ransomware attack, that could lead to the disruption of your critical business activities. In the threat analysis you examine the impact of the scenarios on your business activities and develop appropriate strategies to prevent damage. In the end you develop contingency and emergency plans while defining and tracking the associated measures.