
Outsourcing Information Security Officer



Outsourcing Information Security Officer – We take on the following tasks for the establishment of an audit-proof information security management:

  • Supporting the management in defining and adapting the information security guideline and advising on all information security issues.
  • Drawing up information security guidelines and, if necessary, other relevant regulations
  • Controls for compliance with the information security guidelines and monitoring of the guidelines vis-à-vis IT service providers
  • Participation in the creation and updating of the emergency concept with regard to IT matters
  • Initiation of information security measures and their monitoring
  • Participation in projects with IT relevance
  • Contact person for information security issues within the company and for third parties
  • Investigating information security incidents and reporting to management
  • Awareness-raising and training measures on information security
  • Informing the management about the status of information security regularly, at least quarterly, as well as on an ad hoc basis.

What needs to be considered?

The function of the information security officer shall be organisationally and procedurally independent in order to avoid possible conflicts of interest. To this end, the following measures in particular shall be observed:

  1. Function and job description for the information security officer and his/her representative.

  2. Determine the resources required for the function of the information security officer.

  3. Budget for information security training in the company as well as personal training for the information security officer and his/her representative.

  4. Immediate and constant opportunity for the information security officer to report to the management.

  5. Obligation of the company’s employees as well as the IT service providers to inform the information security officer immediately and comprehensively about all IT security-relevant facts that have come to light and concern the company.

  6. The function of the information security officer is organisationally separated from the areas responsible for the operation and further development of the IT systems.

  7. The Information Security Officer does not perform any internal auditing tasks.

Outsourcing Information Security Officer

Companies shall establish the function of the CISO.

This function includes the responsibility for handling all information security issues within the institution and vis-à-vis third parties.

It ensures that the goals and measures set out in the IT strategy and the information security guideline of the company. 

The BAIT include regulations on the following focal points:

  • IT strategy
  • IT governance
  • IT projects, application development
  • IT operations
  • Information risk management
  • Information security management
  • User authorisation management
  • Outsourcing of IT services

Information Security Officer
