Security Checks and Verification

Continuous Control Creates Confidence

Security cannot be ensured at a constantly high level without internal and external performance reviews. That is why T-Systems regularly carries out audits, reviews and evaluations to document the efficacy and performance of its security measures in information and communications technology.

They include, for one, internal audits to the international security and quality standards ISO 27001 and ISO 9001. In addition, compliance with the Payment Card Industry Data Security Standard (PCI DSS) for electronic payments is checked regularly. For another, external audits and checks by recognized certification bodies guarantee compliance with binding security standards such as ISO 27001 that were drawn up by international bodies of experts.

Documentation and Certification

An SAS 70 Type II report by independent management consultants Ernst & Young certifies that at T-Systems all checks are in use and are effective. Periodic and occasional state-of-the-art scans of weaknesses also form part of the repertoire of security management. Penetration tests that simulate an attack by hackers and are carried out both internally and by independent third parties round off the security reviews. In addition, T-Systems draws up an annual audit plan that provides information about the scope and practices of planned audits and reviews.

Regular operational security reports to document the efficacy of information security are also indispensable. These reports are based on key performance indicators (KPIs) that in turn are based on security-related procedures and processes such as security patches, security incidents and investigation support management.

Furthermore, T-Systems offers its customers comprehensive assistance with security audits. ICT service provider T-Systems realizes that checks of this kind are an important element in a business relationship based on partnership. That is why T-Systems always helps its customers to achieve their review targets.