Production factor: Information
Information is the fourth factor of production, next to land, labor and capital goods. Data on customers and employees, construction plans and design studies, financial data and analyses: all of these are assets that form the basis of corporate success. But what happens when information that was intended for only a few ends up “in the hands of many”? Security experts speak of an “unfriendly loss of information” when, for example, millions of credit card records are “pirated” in a hacker attack, as happened in June 2005. While such reports usually result in a short-term increase in investment in security tools, one risk is usually overlooked: the organization’s own employees, insufficiently trained and unaware.
Risk factor: People
Very few organizations have established consistent rules for who may access which information and how it is to be handled. Phishing and pharming, the spying-out of confidential information by means of falsified e-mails and websites, are only two examples of numerous hazards that can only cause damage through conscious or unconscious employee misconduct.
Disruptive factor: Lack of awareness
According to the results of the Deloitte Global Risk Management Survey 2004*, the number of internal security attacks at the world’s 100 largest banks more than doubled compared to the previous year. At the same time, less than half of these organizations are planning measures to increase security awareness among their employees. Worse yet, investments in information security are often ineffective because risks and vulnerabilities have not been identified correctly and measures have not been initiated in a targeted manner, a situation that is representative of many other business sectors.
Key factor: Giving ISMS top priority
The significance of information security in the context of an Information Security Management System (ISMS) is growing, thanks to a whole range of national and international laws and guidelines, such as the KonTraG (the German law on corporate control and transparency) or the Sarbanes-Oxley Act (SOA). They all have one common denominator: they expand the obligations of top management and tighten its personal liability. Similar to a risk management system, they require efficient structures for monitoring and early warning.
Prerequisites: figures, data and facts that are readily available, irreproachable and authentic. A further motivation for establishing information security systematically is Basel II. At a time when banks are increasingly concerned with the risk of granting credit, small and medium-sized enterprises in particular benefit from the prompt availability of quantitative and qualitative corporate information. It offers them the opportunity to actively participate in the evaluation of their creditworthiness and thus to influence the bank’s credit decision.
Security factor: An ISMS
The objective of an ISMS is to identify corporate risks, to analyze them and to bring them under control with suitable measures. In its structure, the standard follows the PDCA cycle (Plan-Do-Check-Act), an approach familiar from ISO 9001, which makes it possible to integrate an ISMS easily into an existing management system.
Success factor: Benefits of an ISMS
ISO/IEC 27001 (formerly BS 7799-2) specifies the systematic structure of a process-oriented information security management system and defines the requirements for an ISMS. This integrated approach results in many significant advantages for organizations:
• Increased security awareness among employees, executives and management
• Safeguarding of the security objectives confidentiality, availability, integrity, authenticity and reliability of information
• Contribution to safeguarding business continuity
• Legal certainty through systematic adherence to relevant laws on information security and data protection
• Reduced risk of management liability
• Cost savings by avoiding security incidents
Getting started:
The DQS multi-level approach to ISMS
DQS was the first German certification body to receive accreditation for BS 7799-2, the predecessor of ISO/IEC 27001, in December 2000. Based on many years of experience, DQS has developed a four-level assessment concept that can be customized to the security needs and objectives of each individual customer. With highly qualified local auditors and flexible planning, DQS supports its customers at every stage of their development, from the easy first steps of self-evaluation all the way to an optional certification. To find out more, you may contact us at info@dqs.com.my
On a separate occasion, LE Global, which has a strong focus and expertise in the field of information technology security, chose DQS as its certification partner. The professional service team of LGMS comprises individuals who hold some of the most respected international certifications, such as CISSP, CISA, CISM, CPTS, SCSA, COBIT Foundation, MCSE and PRINCE2. The company was recently certified by a local DQS auditor according to the ISO 27001 standard. “Being certified according to ISO 27001 is an important milestone for our company; this is an assurance to our customers when using our services,” said Mr. Fong during the certificate presentation.