CERTIFIED QUALITY AND SECURITY
The purpose for introducing a Quality and Information Security Management System is to provide our customers with the best possible quality and IT security, and to start a continuous process of improvement. All services offered and provided by INS are covered by the scope of the certificates issued by DQS: “Design, realization and operating of complex IT services and IT solutions as Managed Service IT provider. Distribution, installation and support of hard and software, application development, technology and process consulting.”.
INS sees the maintenance of equal high standards for Quality and Information Security, and a continued improvement of our processes and services as an integral part of our product portfolio. This philosophy is reflected in the use of the modern integrated Management System depicted in iGrafx®, which focuses and visualizes all company processes.
The international standard DIN EN ISO 9001 is one of the oldest and most widespread QM procedures worldwide. It defines the essential fundamental principles of modern Quality Management and provides clear requirements for a cross-sectoral QM System.
The certificate for this international standard is awarded to companies, which
• permanently provide products and/or services according to the customer’s requirements and in accordance with all statutory and official terms,
• always strive to achieve a higher customer satisfaction,
• treat risks and opportunities in the context of their own targets, as well as those
• can prove their compliance according to the requirements of the Quality Management System at any time.
The DIN ISO 9001: 2015, which was published in September 2015, contains a number of key changes in comparison to the previous version. Thus, the Quality Management System must match the strategic orientation of the organization exactly. Moreover, all relevant target groups – e.g. customers, suppliers, employees or partner companies – must be defined exactly. Other innovations pertain to the risk and opportunity management, as well as the systematic handling of the organization’s knowledge.
The international standard ISO/IEC 27001 specifies the requirements for the establishment, implementation, maintenance, and continuous improvement of a documented Information Security Management System, taking into account the context of the organization. Additionally, the standard frames the requirements for the assessment and treatment of information security risks in accordance with the individual needs of a company. The normative part of the standard (Annex A) is groundbreaking in regards to the certification. This part describes measure objectives and measures – the so-called “ISO Controls”. Ultimately, they specify which information security objectives to implement. Of course, always in light of the three core values: confidentiality, availability, and integrity. The goal of the standard is a holistic, but above all, individually coordinated protection concept, which is continuously improved and developed further. In receiving the certification according to ISO/IEC 27001: 2013 INS documents the successful practice and its high standards in terms of security regarding data and information processing.
INS continuous to invest in the implementation of numerous security measures based on the requirements of the ISO / IEC 27001: 2013 and the implementation recommendations according to the ISO / IEC 27002. In January 2018, an additional component was added in the form of the PCI DSS 3.2.1 certification. This certification certifies that INS fulfills the maximum security criteria in regards to handling credit card data. In order to do this, INS had to undergo a comprehensive audit process which has to be repeated every year.