Certification & Information security

Increasing digitization brings new challenges in terms of information security.

The importance of certifications has increased.

The increased percentage of digital work is a challenge for IT and information security. At the same time, more restrictive legal requirements are becoming more important. A functioning Information Security Management System (ISMS) is necessary to safeguard the confidentiality, integrity and availability of data. Certifications such as ISO 27001 or TISAX provide objective information about the respective information security maturity level of organizations.

The implementation and certification of an ISMS is also an opportunity to reduce costs by optimizing process and IT costs, to differentiate performance from suppliers and to minimize risks. 

EFS’s modular system for “Information Security & Certification Support” offers different modules according to the respective requirements in order to set up an Information Security Management System (ISMS) with reasonable effort and to achieve certification.


The EFS Information Security Check is a standardized procedure for quickly obtaining a transparent assessment of an organization’s information security maturity level. It creates the base for developing or improving the Information Security Management System (ISMS). 


  • Analyzing and evaluating information security measures 
  • Identification of gaps, risks and potential for improvement 
  • Evaluation of protection requirements

Together with customers – and from the perspective of the business units – we identify sensible points for setting up the Information Security Management System (ISMS) and optimizing it continuously and according to plan. 


  • Identifying and implementing measures for setting up the Information Security Management System 
  • Designing and developing strategic and operational processes for the information security management system 
  • Structuring and detailing guidelines and documents 

For the organizational implementation of the Information Security Management System (ISMS), we determine the right level of control, according to the requirements of the business processes. 


  • Setting up the governance framework (organizational structures, roles, documentation systems) 
  • Assessment and implementation of variations and tools for the technological realization of the Information Security Management System 
  • Creation of the communication strategy and resource planning

We prepare the Information Security Management System (ISMS) and the organization for the audit by sensibly considering risk minimization, benefits, and effort and create the requirements for obtaining certification. 


  • Planning and implementation of an internal assessment 
  • Identify risks, vulnerabilities and gaps with regard to certification requirements
  • Develop and implement a perfect action plan 

For an efficient completion of the audit, we define an optimized preparation together with our customers in advance. We know how to realistically assess the scope for action and how to use it sensibly in the audit.


  • Coaching and preparation for management and internal experts before the audit 
  • Active support during and participation in audit meetings 
  • Evaluation of audit reports 

Taking into account optimized lead times, we carry out a needs-based definition and implementation of measures for acceptance by the auditor and for successful attainment of certification. 


  • Defining measures to eliminate risks, weaknesses and gaps 
  • Managing and documenting the implementation of measures 
  • Supporting the acceptance of the measures by the auditor 
