ISO coordination – What makes XFAIR a secure IT partner

In addition to the Information Security Officer (ISB, from the German Informationssicherheitsbeauftragter), XFAIR has an ISO Coordinator who is responsible for the information security management system (ISMS) process in accordance with the ISO standard. He is entrusted with a wide range of responsible tasks, the main focus being cooperation with and support for the XFAIR ISB. In the interview “IT security at XFAIR” on the XFAIR blog, you can find out more about his tasks and why ISO certification is so important for companies in the IT sector.

But what does ISO actually mean?

Well, ISO 27001 – officially ISO/IEC 27001 – is a globally recognized standard for the management of information security and sets out the requirements for an ISMS.

The operation and maintenance of this information security management system, as well as updating and continuously improving it according to the PDCA cycle, are among the main tasks of an ISO coordinator. The PDCA cycle describes a process-based approach built on the recurring “Plan-Do-Check-Act” workflow. This cycle ensures that the ISMS is continuously adapted and improved in order to meet constantly changing security requirements.


In the course of this, the guidelines, specifications and processes for increasing information security are regularly reviewed to ensure they are up to date and, if necessary, adapted in consultation with the ISB. For this purpose, the implementation of ISMS requirements and documentation must of course also be monitored and assessed. The documentation includes written instructions, procedures, plans, guidelines and other information necessary for the control, organization and monitoring of processes. The reason and date of changes are always recorded in the history of the documentation in order to ensure consistent audit compliance.

Of course, none of this works without continuous further development of information security risk management in line with the GDPR principles of confidentiality, integrity and availability. This means that company assets, such as employees, hardware or the services offered, are subjected to a risk analysis with regard to these protection goals in order to assess whether a risk is acceptable or needs to be reduced through suitable measures.

Another area of responsibility of the ISO coordinator is the preparation and coordination of internal ISMS audits and external ISO certification audits. ISO certification is valid for three years: a surveillance audit is carried out in the first and second year, followed by recertification in the third year, in which the scope of the audit is the same as in the first audit.

Last but not least, the ISO coordinator reviews and assesses the current threat situation based on the latest security information from the Warning and Information Service of the Federal Office for Information Security (BSI). These advisories are available on the BSI website and can be assessed using their CVSS score. CVSS stands for Common Vulnerability Scoring System and is a standard for rating the severity of potential or actual security vulnerabilities in computer systems.

The next certification audit will be carried out in mid-2025 in accordance with the new version ISO 27001:2022. Its focus is on process orientation, together with new and restructured requirements that address current cyber security needs. Considerable additional work is to be expected in the run-up to the changeover, but this effort is necessary in order to maintain a high level of information security.
