, Head of Audit Service Management at CERTIVATION GmbH summarizes the importance of an information security management system.
ConfidentialityThe protection goal "Confidentiality" exists when it is ensured that information can only be accessed by the participants (customers, partners, employees, suppliers) if it was intended for the respective participants. Confidentiality thus excludes the possibility of an unauthorized "third party" accessing information. As part of the ISO 27001 certification, for example, it is checked whether oculavis has implemented procedures and processes to ensure that the communication, storage, and transmission of information within oculavis and the products developed by oculavis is secure. Among other aspects, this includes that any communication with oculavis SHARE is only possible via an encrypted connection.
IntegrityThe protection goal "integrity" exists if the completeness and correctness of data and information are ensured. In this context, we as oculavis must implement measures to ensure that e.g. contracts and other documents are not changed by unauthorized persons. Unauthorized modification of information and data can have far-reaching consequences both for us as oculavis and for our customers. By implementing an internal document management process, unauthorized changes can be detected quickly and reliably.
Availability"Availability" is guaranteed when information, data, and IT systems are available to our customers, partners, interested parties, and employees as intended. Concerning our Remote Service Platform oculavis SHARE, this means that it must be available to our customers when they need it. Our customers should be able to rely on us to provide the service they need, no matter when they need it. During the ISO certification, it was checked whether appropriate measures had been taken to ensure the availability of oculavis operated systems. Measures that increase the availability are for example redundant power supply of the infrastructure, a multi-level backup concept, and the operation of redundant systems.
For us, as oculavis, these protection goals have always been very important. The certification to ISO 27001 finally gave us as a company the opportunity to have the compliance and pursuit of these goals independently verified by an external audit. We are pleased that the external audit could not find any deviation from the ISO 27001 standard during the initial certification. This demonstrates to us that we, as oculavis, have already taken the security of information and data very seriously in the past, both from our customers and from our employees, and will continue to do so in the future.
Download Certificate as pdf
You can download the original certificate here.