Information processing for small and medium-sized enterprises

Information security management with certificate

The sector-neutral VdS guidelines 10000 are a catalogue of measures for a management system that is specially tailored to SMEs and improves the information security status of a company.

With approximately 20% of the effort compared to ISO 27001, SMEs can derive measures and processes from the VdS guidelines to achieve an adequate level of protection in the IT sector. Additionally, the VdS guidelines have been designed to be upward compatible. Therefore, certification according to VdS 10000 can also serve as an entry point into the ISO 27000 series, with companies receiving support from VdS.

The minimum requirements for information security are formulated in an understandable way and are designed in such a way that SMEs are not overburdened organisationally and financially. The VdS 10000 guidelines are based on the recognised standards ISO 27001 and BSI-Grundschutz.

The framework VdS 10000 is complemented by the VdS 10020 guidelines, which provide a guide for the interpretation and implementation of VdS 10000 for Industrial Control Systems (ICS).

This is confirmed by the BSI with the following recommendation:

"The set of rules VdS 10000 'Information Security Management System for SMEs' represents a regulated process for the introduction of an ISMS, just like the basic assurance of basic IT protection. The fields of action described are also comparable, but differences arise in the specification of the individual requirements, which the VdS rules and regulations formulate less concretely in some fields of action. Thus, the requirements of VdS 10000 represent a subset of the basic coverage of basic IT protection and form a good basis for implementing an ISMS in accordance with the BSI Baseline Protection or ISO 27001."

The VdS certification confirms that the company has prepared organizationally, technically and preventively for the most important attack scenarios - and has appropriate processes and protective measures in place.

The VdS certification creates a high level of trust among suppliers, customers and insurers in the company's performance: data is securely protected and the risk of restrictions on the company's ability to deliver has been minimized.

The VdS certification confirms that the company has expanded its risk management to include information security, which is essential for corporate security.

The VdS certification confirms that risk transparency in the company has been increased, thus relieving the burden on management. The company can concentrate on its core processes again.

The VdS certification means that the residual risk - which always remains - can be transferred to an insurer and thus a second line of defense is built up to secure your existence.

The VdS certification is upwardly compatible and can be an entry into the ISO 27000 series at any time.