Artificial intelligence is developing at breakneck speed and raises as many questions about security and protection as it promises advantages. When it comes to outperforming people in decisions and assessments such as early detection of security risks or managing critical infrastructure, how can we be sure that we are in control? The increasing complexity of technology raises questions of trust.
In AI we trust! Sounds weird, huh? And it’s no wonder. While it is relatively easy to trust the yes/no output of a simple function that gives an insight into a rather superficial aspect – like number 1 is greater than number 2 – things are not so easy with sophisticated AI. Parsifal gives much more complex insights such as “emergency braking of trains entering track 4 because an unauthorized person is on the track beds”. In this context, not only is the detection more challenging, but the consequences are more far-reaching and raise questions of trust. It is therefore essential to ensure that Parsifal has not been tampered with and is always in operation without downtime. In the end, everything boils down to trust. You place your trust in Parsifal and we urge you to guarantee that you can rely on him.
Because physical and digital security go hand in hand, Parsifal’s software must be secure. That’s why we have chosen ISO/IEC 27001:2013 certification, so that we not only promise trust, but also seal it with a credible and recognized authority.
G2K’s software development process was successfully audited based on the standards of the Institute of Global Certification (IGC) and is now certified according to ISO/IEC 27001:2013.
What is the ISO/IEC 27001:2013 standard?
ISO/IEC 27001 is a globally recognized standard for assessing the security of Information and Communications Technology (ICT) environments. The standard describes the requirements for the implementation and documentation of an Information Security Management System (ISMS) in detail.
And what’s an Information Security Management System?
An ISMS is a systematic model for the introduction, implementation, operation, monitoring, review, maintenance and improvement of an organization’s information security to achieve business objectives.
Our ISMS serves as a center for everything concerning IT security and comprises policies, procedures, guidelines, related resources and activities to protect the confidentiality, integrity and availability of our information assets.
Confidentiality
Confidentiality means that our information is protected against unauthorized disclosure and is viewed exclusively by authorized persons. The scope of this protection is not limited to information within our ICT systems. Allowing an unauthorized person to look over the shoulder while confidential documents are being processed can constitute a breach of confidentiality, as can passing on confidential information over the telephone to a caller who is not authorized to receive it. That’s why we train our staff to ensure mistakes like this don’t happen.
Integrity
Integrity is concerned with the accuracy and completeness of data and the prevention of improper or unauthorized manipulation throughout its entire life cycle. To ensure the integrity of our information assets, we have appropriate technical and organizational measures in place to prevent, for example, a user accidentally or maliciously deleting or modifying important data or infecting a system with a computer virus.
Availability
Availability is the fundamental pillar of the triad, because confidentiality and integrity alone are of limited use if the information or Parsifal is not accessible or usable. In order for Parsifal to serve its purpose, its services, functions and resources must always be available or accessible to authorized parties as scheduled. This means that the computer systems used to store and process the information, the security controls used to protect the information and the communication channels through which it is accessed must function correctly. High-availability systems such as Parsifal must always remain operational, and interruptions in operation due to power outages, hardware failures and system upgrades must be avoided as far as possible. For this reason, we have taken appropriate countermeasures to prevent such disruptions.
Information security thus includes not only IT security (e.g. firewalls, anti-virus software) but also the handling of processes, legal issues, personnel, physical protection, etc. The ISMS also demonstrates the approach of continuously monitoring, maintaining and improving such measures in order to constantly adapt information security to the evolving threat situation.
Maintaining certification requires regular review audits to confirm that the ISMS continues to operate as intended. These take place at least once a year.
How does the ISO/IEC 27001:2013 certification benefit G2K’s clients and partners?
The ISO/IEC 27001:2013 certification is based on internationally recognized and respected standards. It has been independently proven that G2K’s software development processes enable a quality product that customers and partners can trust. The certification is another sign of trustworthiness demonstrating our clear commitment to information security management.
It documents the implementation of a robust system for managing and protecting information assets within our organization to ensure business and IT continuity in the event of a disaster. Risks, such as confidentiality breaches, are minimized through early detection and reduction of threats. Regular training and internal audits ensure that data and information security is firmly anchored in our daily business.
“For us, the topic of information security has been an integral part of our daily business from the very beginning and has always been of paramount importance. With the certification according to the internationally recognized ISO 27001 standard, we have now also had it officially confirmed that we have demonstrably implemented the topic of information security in our company. In addition, we have further optimised our IT and business processes with regard to security and the detection of possible security risks as part of the certification process. Our ISMS will continue to ensure transparency, consistent monitoring and continuous improvement of all relevant processes,” concludes Omar El Gohary, Chief Technology Officer of G2K.