ISO27001 is an internationally recognized standard that specifies requirements for implementing and maintaining data protection and information security measures. It defines the steps that organizations like LOGIC must take to systematically assess and manage their information security risks. The certification confirms that LOGIC has robust procedures and processes in place to ensure the confidentiality, integrity and availability of information, thus ensuring comprehensive protection of sensitive data.
Information security refers to the protection of information from unauthorized access, loss, alteration or destruction. This includes both digital and physical data. At LOGIC, we ensure that all confidential information, including customer data, business data and intellectual property, is fully protected.
LOGIC must protect itself in particular against cyber threats such as phishing, malware, ransomware and targeted attacks (so-called advanced persistent threats). LOGIC relies on a combination of technological measures, training and strict processes to prevent these threats.
The abbreviation ISMS stands for Information Security Management System. An ISMS defines specific rules, methods, processes and measures to manage, control and ensure information security within an organization. It includes policies, procedures and controls that are applied across all areas of the organization to ensure the protection of sensitive information.
At LOGIC, the ISMS is an integral part of our corporate strategy. As part of the ISO27001 certification, our ISMS is regularly audited and its effectiveness is reviewed to ensure that the implemented security measures meet the highest standards and are continuously improved.
The implementation and maintenance of an information security management system (ISMS) according to ISO27001 standards has a direct impact on the way we work at LOGIC. Compared to an uncertified company, which may have less structured security processes, the certification forces us to systematically and regularly review and improve our security measures.
Despite the requirements of the ISO27001 standard, LOGIC remains an agile company. Our work processes are designed to allow us to react flexibly to new requirements without compromising on information security. This enables us to continue developing innovative and reliable solutions while adhering to the highest security standards.
For our partners and customers in the field of media technology, which also includes public television broadcasters and operators of other critical infrastructures (KRITIS), LOGIC's ISO27001 certification offers a reliable basis for cooperation. The certification ensures that we meet the necessary information security requirements and pose a relatively low security risk when working with our partners' and customers' systems.
Physical access control
At LOGIC, physical access to our data processing systems is regulated by strictly controlled security zones, with only authorized persons being granted access. Visitors are accompanied by authorized personnel. The administration of access rights is documented and regularly reviewed to ensure that only authorized persons have access. Visitors are registered and checked through an administrative process so that their access is documented.
User access management
At LOGIC, access to our systems is controlled by a comprehensive concept that ensures that only authorized users can access information and systems. This includes the assignment, modification and withdrawal of access rights, the use of passwords that follow the recommendations of the BSI as closely as possible, and multi-factor authentication. External access is secured by firewalls and encryption.
Data access control
LOGIC ensures that employees can only access the data they need to perform their tasks. Access rights are assigned and documented according to the principle of least privilege (minimal rights assignment), and regular reviews ensure that only necessary access rights remain in place. Non-certified companies could take less systematic approaches here, increasing the risk of unauthorized access.
Logging and monitoring
At LOGIC, all relevant system events are logged, including logins and logouts, password changes and changes to user accounts. These logs are protected from unauthorized access and are regularly reviewed. These measures enable us to track who has accessed which data and identify potential security incidents.
Supplier management
At LOGIC, we place a high value on strict supplier management. We ensure that our suppliers also comply with security standards and are integrated into our security processes. This means that we regularly verify our suppliers' information security practices and ensure their compliance with agreed security requirements. Non-certified companies could take a less systematic approach here, which could mean potential vulnerabilities in the supply chain.
Availability and redundancy
LOGIC ensures the availability and recoverability of data by using backups, redundancies and physical protection of systems. We use, among other things, UPS systems and regular maintenance processes to minimize system failures. Data is secured in such a way that it can be quickly and reliably restored when needed.
Security incidents
In the event of a security incident (e.g. reported vulnerabilities in software or errors by employees), LOGIC has implemented defined processes for rapid detection, reporting and response. These processes are regularly tested and improved to ensure that we can respond quickly and effectively to threats. In uncertified companies, such processes may be less formalized or established, which could increase the response time to security incidents and increase the risk of data loss.
Training and awareness
All employees at LOGIC receive regular training on the latest security threats and internal security policies in accordance with a defined training plan. This ensures that everyone in the organization is aware of the importance of information security and data protection and knows how they can help to maintain it. In uncertified companies, this aspect may be less emphasized, increasing the risk of uninformed or careless actions.



