Phases

The model begins with an analysis of the actual situation, which is procedured by an accredited consultant through a requirement analysis (questionnaire with 50 questions).

These questions concern:

  • General (e.g. size of business, number of employees…)
  • Organisational (e.g. directives, rules, instructions, responsibilities…)
  • Technical (e.g. actual IT-Systems, data backup, emergency planning…)
  • Law (e.g. Compliance and services of third parties…)

 

The questionnaire which is open to public can be ordered for free at felix.struve@it-sec-cluster.de

After the evaluation the accredited consultant works out an appropriate IT Security process for the company.

When the company reaches 75% of the requirements, the certificate can be issued.

 

Certification

After the successful implementation of ISA+Information-Security-Analysis the company receives a certificate “safe information” after ISA+ Information-Security-Analysis, valid for the next two years.