Geis has successfully obtained certification for its information security management system in accordance with ISO/IEC 27001. An independent audit confirmed the company's systematic approach to data protection, IT systems, and cybersecurity. The certification is an important signal to customers, partners, and employees alike.
The Geis Group has long placed great emphasis on information system security and data protection. Cybersecurity is a key component of the stable operation and reliable services that the company provides to its customers and business partners. Successful ISO 27001 certification confirms that these areas are managed consistently and in accordance with internationally recognized standards.
"For us, ISO 27001 certification is not just a formal confirmation, but above all proof that we manage cybersecurity systematically and on a long-term basis. It gives us a clear framework for data protection, stable IT system operation, and further security development across the entire company," says Jan Tafat, IT Director at Geis CEE.
The IT and Quality departments collaborated on the implementation of the system, building on their experience with management systems according to ISO 9001, 14001, and 45001 standards and utilizing the already existing high standard of technical security for IT infrastructure and data.
The new system creates a comprehensive framework for cybersecurity management throughout the company. It covers the areas of risk identification and management, system monitoring and protection, data integrity and security, access management, encryption of sensitive information, and physical security of workplaces. It also includes oversight of IT suppliers and the secure development of proprietary systems.
The project also included setting up documentation, guidelines, and work procedures, expanding internal audits to include information security, and emphasizing regular employee training in the safe use of IT tools.
The certification took the form of a two-stage audit carried out by the renowned company TÜV SÜD. The scope of the certification covers the provision of IT services – infrastructure, applications, project management, support, and information security – for both internal and external customers. Thanks to the central architecture of the IT systems, the implemented system benefits employees, clients, and partners in all regions where the Geis Group operates.