the aspectra blog IT know-how & more, since 2012

Future-proof IT security: we are ISO 27001:2022 certified

We have been ISO 27001 certified since 2011 – and we have now successfully completed recertification according to the latest ISO 27001:2022 standard. What has changed and why is it important for our customers?

What is ISO 27001?

ISO/IEC 27001 is the globally recognised standard for information security management systems (ISMS). It sets out requirements for protecting sensitive information, minimising risk and continuously improving cyber security within organisations. A successful implementation of its controls helps defend against both external attacks and common internal threats.

Our certification history

We have been ISO 27001 certified since 2011, demonstrating our commitment to upholding stringent security standards.

In 2024, we successfully passed the recertification audit against the updated ISO 27001:2022 standard. As in previous years, the audit was conducted by KPMG Switzerland.

Scope of our certification

The ISO 27001:2022 certification covers the following processes at our company:

  • Data Centre Operation
  • Server Operation
  • Application Operation
  • SaaS services such as WAF (Web Application Firewall), IAM (Identity and Access Management) and CDN (Content Delivery Network)

What's new in ISO 27001:2022?

The new version updates key security measures and adapts them to modern challenges. Appendix A, the reference framework for organisations, has been restructured to include 93 security controls instead of 114. There is a greater focus on cloud security, threat intelligence and data protection. The new measures also include application security testing in the software development lifecycle (SDLC), which is designed to improve code security and to detect security vulnerabilities earlier.

Risk assessment has also been defined more precisely to make it easier to implement in practice. In addition, the structure has been standardised (so-called ‘harmonised structure’) so that the standard can be more easily combined with other ISO management systems. These changes make the standard not only more up to date, but also even more effective in protecting sensitive data.

Our commitment to the highest security

Achieving ISO 27001:2022 certification demonstrates our ongoing commitment to the highest levels of information security.

Our customers benefit from even better protective measures and a robust, future-proof security strategy.