Certified according to ISO/IEC 27001

Compliance with ISO/IEC 27001 is regularly verified through independent audits.

Our ISMS enables us to systematically identify risks and implement appropriate controls to mitigate them.

This ensures that the core objectives of information security are consistently achieved.

Certificate issued to GFOS for the ISO/IEC 27001:2022 audit standard

Information Security

Importance and Objectives

As an innovative provider of software solutions, GFOS mbH places the highest priority on information security. Our customers expect not only high-quality products but also proof of secure and reliable processes.

For us, information security means:

  • Compliance with legal and regulatory requirements
  • Protection of trade secrets
  • Safeguarding the confidentiality of customer data
  • Secure and reliable delivery of our software

Protecting our information and communication infrastructure from misuse, manipulation, and disruption is critical to our business success. All employees are aware of its importance and actively contribute to minimizing risks.

Key Concepts of Information Security

  • Confidentiality:
    Information is accessible only to authorized individuals or systems.
  • Integrity and authenticity:
    Information may only be modified by authorized individuals or systems in approved ways. Authenticity ensures that the origin and integrity of information can always be verified.
  • Availability and resilience:
    Systems and information are reliably accessible when needed and are resistant to disruptions.
  • Information security:
    Maintaining confidentiality, integrity, and availability of information is our highest priority.
  • Information Security Management System (ISMS):
    The part of the overall management system that deals with planning, implementation, maintenance, review, and improvement of information security.

Strategic Objectives

Our strategic objectives within the ISMS framework include:

  • Data confidentiality:
    Protection of sensitive information through measures such as access controls and encryption.
  • High availability:
    Ensured through redundant systems, backup strategies, and failover mechanisms, particularly in the operation of the GFOS knownCloud.
  • Information integrity:
    Maintained through change management procedures, access controls, and defined processes.
  • Compliance with legal and regulatory standards:
    Implementation of all relevant legal, contractual, and normative requirements, especially ISO/IEC 27001, along with regular employee training and audits to ensure compliance.
  • Rapid response to security incidents:
    Detection, analysis, and resolution of incidents, including deriving lessons learned to prevent future risks.
  • Cost-effectiveness:
    Security measures are implemented with a balanced approach between benefit and effort.

These objectives ensure the sustainable protection of GFOS’s information, systems, and processes, and reinforce the trust of our customers, partners, and employees.

Information Security Governance

Goal Setting and Measurement

The ISMS at GFOS mbH ensures that confidentiality, integrity, availability, authenticity, and resilience of information, applications, and IT systems are maintained.

Our goals are aligned with the corporate strategy and are reviewed and evaluated at least annually.
Executive management defines the objectives and monitors their implementation.
Operational targets are proposed by the Information Security Officer and approved by executive management.

Goal achievement is regularly measured and analyzed. The results serve as the basis for continuous improvement of our ISMS.

Information Security Requirements

GFOS mbH meets the requirements of ISO/IEC 27001 and continuously develops its ISMS based on the PDCA (Plan-Do-Check-Act) cycle.

Our policy and ISMS comply with all relevant legal, statutory, contractual, and normative requirements related to information security, business continuity, and data protection.

Security Measures

Security measures at GFOS mbH are selected based on a structured risk analysis and are continuously documented and updated in a risk management system.

The status and implementation of these measures are transparently recorded in the Statement of Applicability.

Responsibilities

  • Executive management is responsible for implementing and continuously improving the ISMS and for providing all necessary resources.
  • The Information Security Officer coordinates ISMS operations and regularly reports on the status of information security.
  • All employees are required to comply with information security requirements within their areas of responsibility.

Additional roles and responsibilities are defined in the GFOS guideline “Information Security Roles and Responsibilities.”

Disciplinary Actions

Violations of this policy or related documents must be reported immediately to the Information Security Officer or a supervisor.

All violations may be subject to disciplinary, labor, criminal, or civil proceedings.

Policy Communication

GFOS ensures that all employees and relevant external parties are familiar with this policy.

Support for ISMS Implementation

Executive management hereby declares its support for the implementation and continuous improvement of the ISMS, providing appropriate resources to achieve all objectives outlined in this policy.