arvato Systems - Information Security Management with the QSEC-Suite from the WMC GmbH company
Decision criteria and end user expericence to operate and certify a software-supported.
The integrated information security is an essential management task for system integrators and IT service providers. Earlier than other competitors the ‚arvato systems‘ company realized this fact and offers to its customers a security under hand and seal for the past years: at the end of 2002 the company was certified for the first time in accordance with the BS 7799 regulations and since February 2006 the certification also includes the ISO 27001 standard. Right within the frame of the initial certification the arvato systems company decided to make use of a software solution to be the basis for the required IT risk management. Subject to the increasing requirements which were not covered perspectively by this software solution the company evaluated the market in 2008. The evaluation included the search for a ‚state of the art‘ software which represents an information security management system in accordance with international standards such as the ISO 27001 and which corresponds with further other requirements including:
- Distinctive flexibility to fully represent the processes and methods fitting to the related organization.
- A flexible authorization concept to represent different roles within the processes.
- Extensive and individual assessment functions to quickly and easily extract the important information.
- An easy-to-use user interface for random users.
- An availability of necessary interfaces to use the existing data and to avoid possible redundancies.
- A smooth extensibility (such as further compliance standards) to meet future requirements.
„Assisted by the mature templates the basic configuration for ‚our‘ ISMS in the QSEC Suite was captured and implemented in only a few workshops. During the definition of the business process levels and related IT risk management thereof the WMC company was a sparring partner on a par with us to pass the right solution for the implementation of ‘our’ ISMS in less than three intensive discussion meetings.“ stated Mr. Roger Schranz, Project Manager and Information Security Manager of the arvato systems company.
After a one-day crash course two staff members were able to implement the available documents into the document management and the controls within the compliance management. After only five months the risk assessment necessary for the audit was executed with the QSEC-Suite, the compliance controls were updated and all required documents were linked accordingly.
Since then, the arvato systems company fully benefits from the QSEC-Suite and partakes from a significantly minimized tracking effort to maintain and update the data. In the meantime about 500 staff members are involved based on the clearly defined authorization concept to support the certification process.
Roger Schranz, Project Manager and Information Security Manager within the arvato systems company confirmed: „Some aspects became obvious when walking on the same path – from the very beginning when using the QSEC Suite we got the impression that this not only a tool, but in the WMC company we found a partner who was also interested to conduct an intensive dialogue and to have a consistent further development with the related improvements. This was a fact – and a quick decision was reached without an escalation management.“
In February 2011 the arvato systems company successfully completed the auditing for continuous improvement together with the QSEC-Suite.
For the arvato systems company the QSEC-Suite is an example for a successful project and efficient use of a software in several aspects. All requirements defined in the preliminary phase for an extensibility, flexibility, simplicity and processability on an integrated information security management system were fully achieved with the QSEC-Suite. It was possible to successfully improve the processes, to increase the efficiency, to reduce the costs at the same time and to successfully pass all executed audits.
Now, the arvato systems company plans to extend the perimeter when using the QSEC-Suite and to incorporate the QSEC-Suite module PCI DSS into the information security management environment. With the BIA and BCM modules the QSEC-Suite is a multi-standard solution for the arvato systems company to allow an optimization and extension with further international standards.
arvato systems – the key enabler for new business
As a systems integrator the arvato systems company is the right partner if more than professional IT services are concerned. We know that the IT is the core of any successful processing of complex businesses.
With more than 1.650 staff members and revenues of 230 Million Euros we belong to the arvato AG, the media and communications provider of the Bertelsmann AG.
Together with the implementation of standard software solutions the arvato systems company offers solution which are developed taylor-made, related to any industrial sector and individually. We link a very detailed sector know-how with multi-vendor technological knowledge and combine a systems integration to intelligently develop, represent, operate and maintain systems environments.
This allows us to design the entire value-added chains: the arvato systems company represents the business processes within the IT and completes them with services of the arvato AG to create an integrated services portfolio fulfilment.
This unique combination allows us not only to design proposals for taylor-made solutions but also to realize the best solutions in a professional, comprehensive and pragmatic approach to fully meet the customer needs. The success of our customers is a personal issue for us to create a new image for their IT.
This fact develops us to be a key enabler for new business.