Since the end of 2019 mgm technology partners has implemented an Information Security Management System (ISMS), which was certified according to ISO/IEC 27001:2013 at the beginning of 2020.
This makes mgm part of a still relatively small number of organisations who have developed an ISMS to ISO 27001. According to the official ISO 27001 statistics, there were just 1057 valid certificates (for 2003 company sites) in Germany at the end of 2018 and 31,910 certificates (for 59,934) worldwide. In comparison, there were over 47,000 valid certificates for the ISO 9001:2015 quality management standard in Germany (worldwide: nearly 879,000).
The management team and a few specialist departments started to consider the idea of developing an ISMS and striving for ISO 27001 certification from an independent body back in January 2019. The standard is perfect for mgm in two ways.
- Firstly, mgm is a technology company, with teams developing complex business applications, sometimes in highly sensitive areas. The company therefore already has a keen interest in clear processes for secure working environments – this is entrenched in the organisation.
- Unlike many other standards, ISO 27001 does not prescribe a rigid list of processes and measures, but focuses on the individual and also changing risks of an organization - efficiently and effectively for mgm as a growing company.
The ISMS has been implemented at the Munich (headquarter), Leipzig and Hamburg sites, as well as for mgm security partners at the Munich site. The plan is to extend it to other sites and mgm companies.