When our customers started auditing us to maintain their own certification, we became aware that our company was well situated to obtain certification in security management. In any event, comprehensive security was already a core value, and all we had to do was reconfigure existing procedures into a management system in compliance with the standard. Our mission is to minimize the risk of downtime for our customers, and data security is key to this mission. Despite the ideal prerequisites, it still took a bit of effort to obtain certification. Our intuitive need for managed security is now firmly established within a clear framework. We can now offer the certificate to our customers as proof of our expertise in information security. The auditors of major DAX companies have long been aware of the significance of IT security in a business context, and they demand it from their clients. As a consequence, service providers who are ISO 27001-certified are in greater demand, including by DAX companies.
A secure network and hosting environment
We are certified according to ISO 27001, and we specialize in highly secure hosting environments. Maximum data security is stipulated in statutory regulations and compliance requirements such as Basel II and SOX as well as in-house safety guidelines. You can confidently rely on mpex as a hosting partner: We seek to maintain confidentiality, availability and comprehensive data hosting every day around-the-clock.More on security
Facts and figures
„Expertise and security are essential corporate values that we live by.“
Dirk Bösel Information security officer at mpex
Physical securityLearn more
Physically, we protect our information-processing facilities from unwanted access by preventing the loss, damage, theft or sabotage of data, IT systems and equipment.
Technical securityLearn more
We offer high-performance systems with rigorous safety standards to ensure operating and data security. Every aspect of operation is monitored, data is proactively backed up, and precautionary measures are in place for disaster recovery.
Process securityLearn more
We direct to the ongoing improvement of our security in an information security management system (ISMS): Risks and security-related events, change and emergency management are controlled by the ISMS system.
Personnel securityLearn more
When security requirements are paramount, it is essential to employ qualified personnel. We offer regular training sessions to ensure that employees and service providers are cognizant of their responsibilities and can confidently execute them.
Certified according to ISO 27001:2013
mpex ist certified according to ISO 27001 since 2013. ISO 27001 is an internationally recognized information security standard. It outlines a comprehensive safety strategy in which IT is an essential but not exclusive component. To become certified, all the processes and conditions that affect information security must be taken into account. Data security and safety are obvious considerations. Reliability and sufficient employee qualification are also relevant factors. Furthermore, the standard requires the continuous improvement of in-house safety strategies. The principles of quality management outlined in ISO 27001 are put into effect. Independent agencies perform annual audits to determine compliance.Go to mpex's ISO 27001-certificate
Business advantages of ISO 27001 certification
- What specifically does certification according to ISO 27001 entail?
- What was the motivating factor for obtaining certification of information security within your company?
By definition, information security means maintaining data confidentiality, integrity and availability. This also includes processing systems. ISO 27001 specifies the requirements for managing information security as well as IT security procedures. A list of security measures are not offered. Rather, an ongoing approach for maintaining information security is required which each certified company must develop and implement on its own. An information security management system (ISMS) involves more than just IT security or data protection. Key elements include the management of risk, security-related events, interruptions of operation and emergencies, as well as the qualification and training of all parties involved. Companies that maintain an ISO 27001-compliant ISMS are entitled to receive certification. The certificate is valid for three years, although it is monitored annually by the certifying body in an audit.
- What added value is derived from using certified security measures in day-to-day operations?
Information security management as defined by ISO 27001 forms a framework for every procedure within the company. Guidelines and work instructions allow weak points and safety-related incidents to be handled in a coordinated and verifiable manner. Recurring processes over the normal course of business are streamlined with regard to security. Everyone is subject to a binding common denominator. Take technical change management, for example. In this area, we have experienced significant improvement in avoiding problems. Previously, changes to technical systems were unsystematic even though they were planned. Now, changes that are implemented based on the work instructions developed from ISO 27001 certification are not only planned but reproducible, are not subject to fluctuations in quality, and remain unaffected by employee experience.
- What are the benefits for mpex customers from ISO 27001 certification?
By working with ISO 27001-compliant service providers, customers can effectively counteract the increasing hazards of digital information processing. Furthermore, they can more effectively satisfy the security requirements of their own customers and position themselves more attractively by minimizing IT risk. That is, when IT security is important to a company, it is logical for them to look for service providers who are ISO 27001-certified. Since acquiring certification, our prices have not increased. In addition, we do offer special products relating to our certification. In other words, we did not charge customers any more because we are ISO 27001-certified. It is important for our customers to know that they retain the final say about their systems and can configure them as they see fit. The underlying infrastructure at mpex is, however, subject to information security management according to ISO 27001. We do offer consulting services to our customers with regard to information security. Customers can profit from our experience with ISO 27001 certification.
- What challenges were associated with implementing ISO requirements?
We have an information security officer who is responsible for implementing ISO 27001 requirements. This makes things easier since it streamlines the implementation of security management above and beyond the planning stage. The final responsibility for implementing the security management guidelines lies with our team. It is our great fortune to work with a team that is capable of performing efficiently despite the slight amount of extra effort. The individualized documentation requirement associated with ISO 27001 certification makes it easier in practice to comprehend processes that occurred along while ago. This increases efficiency and compensates for the extra effort required for documentation.
- What should entrepreneurs bear in mind who are considering ISO 27001 certification for their company?
The great challenge is to develop an information security management system that is tailored to the company and its interests. In practical terms, the first thing to consider is the existing configuration of the company. If a ticket system is being used, for example, it may already satisfy some elements of the documentation requirement. Any company that wishes to become certified must perform a risk analysis that identifies and documents weak points. The company is free to choose precisely how to eliminate these weak points. The timeline for planning, organizing and implementing an information security management system according to ISO 27001 should also be considered. The project timeline for initial certification according to ISO 27001 generally takes more than a year. It is particularly important to convince employees of the advantages since they will have to undergo training. At mpex, listening to employee input starting from the planning stage proved to be beneficial. As they perform their jobs, what uncertainties can they anticipate when implementing the guidelines and work instructions? It is important for management to pave the way, such as by coming up with schedules for implementing the requirements of the safety guidelines. Another important consideration is to find the right outside consultants. Competent and reliable support can save a lot of time and frustration. In addition, entrepreneurs must be aware that ISO certification is a lifelong commitment. It also must be borne in mind that companies need to be regularly recertified. This is to ensure that the quality of the safety management system is at least maintained or even enhanced through a continuous improvement process. A significant amount of independent internalization and interpretation of the ISO guidelines is required. The ISO guidelines are just that, as opposed to specific procedures or instructions. The company itself is responsible for developing specific requirements which can be tailored to the respective needs and procedures of the company and its customers. The certified information security management system must become a daily part of company life and exemplified by top management so that employees can bear it in mind without feeling that it is an imposition. ISO 27001 has become part of our corporate culture, which was made easier by the fact that competence and security were already key company values.
Are you looking for a hosting provider with ISO certification? Feel free to contact us!
|Telephone:||+49 30 780 97 180|