Go Digital. For sure. This motto both obliges and motivates us to do everything we can to ensure the security of the information entrusted to us!
The development and introduction of a security program is fundamental to this. One of the most important components of the security program is the implementation of an information security management system (ISMS). This ISMS supports and enables the planning and control of all requirements and risks and their implementation and mitigation measures. The international standard ISO 27001 helps us to set up and maintain the ISMS. It formulates the essential measures and controls (in the form of requirements) for the secure handling of information. The ISO 27002 guideline, also published in the series, offers practical and proven implementation tips, for example in the areas of information security organization, personnel security, cryptography, operational security and information security aspects of business continuity management.
We are proud that the security program of Westernacher Solutions with the Information Security Management System (ISMS) has been certified according to ISO 27001 since 2021! Information security is thus demonstrably guaranteed across all locations, organizational units and company processes. Once again this year, we were able to successfully complete the surveillance audit and thus confirm our certification. All our efforts over the past year to maintain and further advance our information security under all circumstances convinced not only our customers and partners, but also the auditors once again. The positive feedback from the auditors, especially regarding the management of risks and the handling of hazards and incidents, once again rewards us for a year of hard work and shows us and others that we have tackled the issue in the best possible way and continue to do so.
Our aim is always to take a holistic approach to data protection and information security. The comprehensive involvement of employees is important for this. For this reason, employee awareness was once again the focus of our efforts in 2022. A central, harmonized guideline that regulates the secure handling of data and information is essential for us and our employees. It is the first point of contact when it comes to the secure handling of information and therefore has a decisive influence on the security of the information.
In addition to organizational measures, we also implemented technical measures in 2022. Here we have focused in particular on the topic of logging and monitoring (from Control A.12.4). We have managed to further develop our approach, particularly through automation, and to make the monitoring of our information technology scalable for the further growth of the company. Regardless of whether we are dealing with systems at our sites or in the cloud, information security and, above all, our ability to detect potentially anomalous behavior has become a good deal more mature.
We were also able to convince the auditors that our new objectives and measures will make a significant contribution to ensuring the security of information in the company in the future. For example, our employee awareness strategy will be significantly enhanced in 2023. We should succeed in meeting all employees where they are at the moment. We also want to delve deeper into the individual characteristics of the different roles in the company and offer employees the opportunity to think about information security holistically in their area of responsibility.

Your contact person
Tobias Müller
Competence Center Lead Digital Security