Information Security for Organizations

Information Security according to NIS-2 with Certification

The VdS Guidelines 10100 define minimum requirements for a structured information security management approach in accordance with NIS-2 and support organizations in implementing the legal requirements in a systematic and practical manner.

With the introduction of the EU Directive NIS-2, numerous organizations are confronted with significantly expanded requirements for information security. Organizations will need to demonstrate that they have implemented appropriate organizational and technical measures to protect their information processing.

The VdS Guidelines 10100 support organizations in implementing these requirements in a structured and practical manner.

The guidelines define minimum requirements for effective information security in accordance with NIS-2 and describe how organizations can systematically establish organizational structures, responsibilities, and technical measures. Their objective is to embed information security as an integral part of corporate governance and to sustainably reduce risks to IT systems and information.

Certifiable Requirements

The VdS 10100 forms the basis for certification by VdS Schadenverhütung. Organizations can thereby demonstrate to customers, partners, and supervisory authorities that they have implemented structured measures for information security.

Practical Implementation of NIS-2 Requirements

VdS 10100 describes a structured approach for the introduction and continuous development of information security measures. Among other things, the following areas are addressed:

  • Establishment of appropriate organizational structures for information security
  • Definition of responsibilities, e.g. Information Security Officer and crisis management
  • Classification and protection of IT resources and information
  • Requirements for IT systems, networks, and external IT resources
  • Regulations for security incidents and IT crises
  • Training and awareness measures for employees

The guideline thereby provides a transparent framework for meeting legal requirements while strengthening the organization’s resilience against cyber threats.

Continuity with VdS 10000

VdS 10100 builds on the established VdS 10000 guideline. Both guidelines are largely compatible, allowing organizations with an existing VdS-10000 framework to implement the extended requirements with manageable effort.

VdS 10100 therefore provides a clearly structured and practical approach for organizations, particularly those affected by NIS-2, to implement the new legal requirements.

Is your organization affected by NIS-2?

Find out whether your organization falls within the scope of NIS-2 – all information on applicability and requirements can be found here.
