Marathon at Sprint Speed – LANCOM Systems Builds Certifiable ISMS

30. October 2024

In an age when digitalization has become the norm in almost every industry, information security is becoming increasingly important for companies. In March of this year, LANCOM Systems, a leading European manufacturer of network and security solutions, achieved certification according to ISO/IEC 27001:2022, the global standard for information security. Read on to find out how a team of experts from usd AG, led by Andrea Rupprich, guided LANCOM to this important milestone in just 10 months.

Time is short – tight deadlines

In May 2023, LANCOM and usd began their collaboration. The assignment for usd's team of experts was to support LANCOM in setting up an information security management system (ISMS) and to make it fit for certification. The scope included the management, development and operation of the LANCOM Management Cloud (LMC), as well as service and support for all LANCOM Systems GmbH products at the Würselen and Karlsruhe locations. The end of the project was set for the first quarter of 2024, when the external ISO 27001 audit was scheduled to take place. This left a mere 10 months from the start of the collaboration to complete the certification. A challenge, even for the experienced ISMS experts at usd. But doable?

“Absolutely. As a rule, setting up an ISMS that is ready for certification takes years and involves a large number of stakeholders who have to pull together internally. We were therefore clear about the fact that our project was ambitious. At the same time, however, we knew that we could build on our expertise in the team and our extensive experience from similar projects. And, most importantly, on LANCOM and the parent company Rohde & Schwarz as committed project partners.”


Andrea Rupprich, Managing Security Consultant, usd AG

Commitment is the best driver

After an initial review, it was quickly apparent that LANCOM had already created a solid foundation, particularly in the area of technical IT security measures. With the help of a systematic gap analysis, the usd team was able to work out a detailed project plan and follow it strictly.

“Continuous commitment to the highest information security standards and the protection of sensitive data is very important to us. That is why we created various new roles with free capacities during the ISMS project. Together with usd, we were also able to define the tasks of important roles more precisely and raise our information security processes to a higher level of maturity overall.”


Ulrich Halka, COO LANCOM

The team reported on progress in a monthly report to LANCOM management. Thanks to the intensive communication and the high level of commitment from everyone involved, potential project risks could be quickly identified and addressed.

“Our experience shows that in information security, we must always expect dynamic environments and unexpected developments. Therefore, we had a plan B up our sleeve for all the planned steps in our project, so that we could react flexibly to unforeseen events. This enabled us to successfully implement all the planned project steps on schedule.”


Andrea Rupprich, Managing Security Consultant, usd AG

Support from the parent group

One important bonus: the project team was able to build on the solid foundations already established by the parent company Rohde & Schwarz (R&S), particularly in the areas of guidelines, asset management, risk management and action tracking. The usd team adapted processes and guidelines to the circumstances at LANCOM, and was always able to fall back on R&S contacts for questions and coordination.

“If a company is part of a group, it is important to check whether it already has ISMS basics in place. However, each company needs individual adjustments to make the guidelines and processes practical there. By working together in workshops, we were able to efficiently develop project results for all parties involved.”


Oliver Schmidt-Voss, Senior Security Consultant, usd AG

In preparation for the actual certification, R&S also carried out the internal ISO 27001 audit at LANCOM. Based on the insights gained, the project team was able to significantly improve the areas of process documentation and business continuity management in particular.

Across the finish line

After 10 months of intensive work and a successful internal audit, the time had come: the external ISO 27001 audit was carried out on time and as planned by TÜV Rheinland. The reward for all the hard work: the ISO 27001 certificate.

“This was a joint accomplishment. It was an absolute team effort between usd and us. We are pleased with the successful completion and would like to express our thanks for the excellent cooperation. This is a great success for everyone involved in the project and a real milestone for LANCOM on the road to greater security.”


Heiko Herrberger, Head of Quality Management, LANCOM Systems

“Once again, I would like to say thank you. I am very happy with our decision to go with usd AG and found the communication to be very pleasant! I am now looking forward to our future collaboration on the continuous improvement of our ISMS.”


Felix Wallaschek, ISMS Manager LANCOM Systems


About LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking and security solutions (WAN, LAN, WLAN, firewalls, as well as Remote & Mobile Access) for the public and private sectors. The company combines hardware business with virtual network components and Cloud-based software-defined networking (SDN). The result is a unique portfolio of on-premises and Cloud solutions with a central platform for SD-WAN, SD-LAN, SD-WLAN & SD-Security. LANCOM is a wholly owned subsidiary of the German technology group Rohde & Schwarz GmbH & Co. KG, headquartered in Munich.

https://www.lancom-systems.com/company/profile

Also interesting:

Part-IS: The 7 Most Important Questions

Part-IS: The 7 Most Important Questions

Civil aviation consists of a complex network of numerous interrelated systems that are increasingly becoming the target of cyber attacks. Part-IS is intended to oblige the organizations involved to take effective measures to protect themselves against information...

PCI DSS: PCI Council Releases SAQs for Version 4.0.1

PCI DSS: PCI Council Releases SAQs for Version 4.0.1

This week, the PCI Security Standards Council (PCI SSC) announced that it published the Self-Assessment Questionnaires (SAQs) for PCI DSS v4.0.1. [See the PCI SSC Bulletin] With the help of SAQs, eligible merchants and service providers can prove their compliance with...

Categories

Categories