Access control
At LOGIC, physical access to our data processing facilities is regulated through strictly controlled security zones, and only authorised personnel are granted entry. Visitors are always accompanied by authorised staff. Access rights are documented and reviewed regularly to ensure that only entitled individuals have access. Visitors are recorded and verified to maintain an auditable log.
User access management
At LOGIC, access to our systems is governed by a comprehensive approach that ensures only authorised users can access information and systems. This includes granting, changing, and revoking access rights, as well as the use of strong passwords, aligned as closely as possible with BSI recommendations, and multi-factor authentication (MFA). External access is protected through firewalls and encryption.
Access governance
LOGIC ensures that employees can access only the data required for their tasks. Access rights are granted and documented according to the principle of least privilege, and regular reviews ensure that only necessary permissions remain in place. In non-certified organisations, these controls may be less systematic, increasing the risk of unauthorised access.
Logging and monitoring
At LOGIC, all relevant system events are logged, including logins and logouts, password changes, and modifications to user accounts. These logs are protected against unauthorised access and reviewed regularly. This enables us to trace who accessed which data and to identify potential security incidents.
Supplier management
At LOGIC, we place great importance on rigorous supplier management. We ensure that our suppliers meet security standards and are integrated into our security processes. This means we regularly verify our suppliers’ information security practices and ensure compliance with agreed security requirements. In non-certified organisations, this may be handled less systematically, which can introduce potential weaknesses in the supply chain.
Availability and redundancy
LOGIC ensures the availability and recoverability of data through backups, redundancy measures, and physical protection of systems. We use, among other things, uninterruptible power supplies (UPS) and regular maintenance processes to minimise system outages. Data is backed up in a way that enables fast and reliable recovery when needed.
Security incidents
In the event of a security incident (e.g., reported software vulnerabilities or human error), LOGIC has defined processes in place for rapid detection, reporting, and response. These processes are tested and improved regularly to ensure we can respond quickly and effectively to threats. In non-certified organisations, such processes may be less formalised or less established, which can increase response times and raise the risk of data loss.
Training and awareness
All employees at LOGIC receive regular training on the latest security threats and our internal security policies, based on a defined training plan. This ensures everyone in the organisation understands the importance of information security and data protection and knows how to contribute to maintaining them. In non-certified organisations, this may be less strongly emphasised, increasing the risk of uninformed or careless actions.