
Trust Center

ISO 27001:2022 Audit

Information Security Management System (ISMS) — Clauses 4-8 + Annex A. Audited on 05.07.2026.

🟢 94%

ISO 27001:2022 — Overall compliance level (93 controls)

A.5 Organizational 🟢 97%
A.6 People 🟢 100%
A.7 Physical 🟢 100%
A.8 Technological 🟢 91%

93

Controls checked

0

Non-Conformities

5

Observations

5/5

Clauses 4-8

4/4

Annex A Domains

Clauses 4-8: ISMS core requirements

4. Context

5. Leadership

6. Planning

7. Support

8. Operation

A.5 Organizational Controls

36/37 ✅
5.1 IS Policy
5.2 Roles
5.3 Segregation
5.4 Management
5.5 Authorities
5.6 Interest groups
5.7 Threat intel
5.8 Project mgmt
5.9 Asset inventory
5.10 Acceptable use
5.11 Return assets
5.12 Classification
5.13 Labelling
5.14 Info transfer
5.15 Access control
5.16 Identity mgmt
5.17 Auth info
5.18 Access rights
5.19 Supplier rel.
5.20 Supplier agr.
5.21 ICT supply ch.
5.22 Supplier mon.
5.23 Cloud services
5.24 Incident plan
5.25 Assessment
5.26 Response
5.27 Learning
5.28 Evidence
5.29 Disruption
5.30 ICT readiness
5.31 Compliance
5.32 IP rights
5.33 Records
5.34 Privacy
5.35 Review
5.36 Compliance
5.37 Procedures

A.6 People Controls

8/8 ✅
6.1 Screening
6.2 Terms
6.3 Training
6.4 Disciplinary
6.5 Termination
6.6 NDA
6.7 Remote
6.8 Reporting

A.7 Physical Controls

14/14 ✅
7.1 Perimeter
7.2 Entry
7.3 Offices
7.4 Monitoring
7.5 Threats
7.6 Secure areas
7.7 Desk
7.8 Equipment
7.9 Off-premises
7.10 Media
7.11 Utilities
7.12 Cabling
7.13 Maintenance
7.14 Disposal

A.8 Technological Controls

31/34 ✅
8.1 Endpoints
8.2 Privileged
8.3 Access restr.
8.4 Source code
8.5 Auth
8.6 Capacity
8.7 Malware
8.8 Vulnerabil.
8.9 Config
8.10 Deletion
8.11 Masking
8.12 Leakage
8.13 Backup
8.14 Redundancy
8.15 Logging
8.16 Monitoring
8.17 Clock
8.18 Utility
8.19 Access OS
8.20 Networks
8.21 Netw. svc
8.22 Segregation
8.23 Web filter
8.24 Cryptography
8.25 Dev lifecycle
8.26 App security
8.27 Architecture
8.28 Secure code
8.29 Testing
8.30 Outsource
8.31 Separation
8.32 Change mgmt
8.33 Test info
8.34 Audit

Observations (5)

A.8.6 Capacity Management

Performance monitoring is in place, but no formal capacity thresholds are defined.

A.8.24 Cryptography — Data at Rest

The SQLite database has no native encryption (filesystem-level only). Migration to SQLCipher or PostgreSQL with TDE is recommended.

A.5.22 Supplier Monitoring

A vendor scorecard is in place, but there is no automated monitoring of the security levels of all suppliers.

A.8.15 Logging — Central SIEM

Application-level logging is in place, but there is no central SIEM (Grafana Loki or similar) for aggregated analysis.

A.5.35 Independent Review

HealthGuardian + AutoHeal are in place, but no external ISMS audit cycle has been established.

ISO 27001:2022 audit performed on 05.07.2026 08:59 · Resilience Platform · 93 controls checked · next review 05.10.2026

Controls based on ISO 27001:2022 Annex A (ISO/IEC 27001:2022) · Automated control checking