{"id":4506,"date":"2025-10-07T09:56:03","date_gmt":"2025-10-07T07:56:03","guid":{"rendered":"https:\/\/www.astrum-it.de\/warum-zertifizierungen-wie-iso-27001-9001-fuer-unternehmen-unverzichtbar-sind-und-wie-wir-die-damit-verbundenen-anforderungen-umsetzen\/"},"modified":"2026-04-14T11:48:56","modified_gmt":"2026-04-14T09:48:56","slug":"warum-zertifizierungen-wie-iso-27001-9001-fuer-unternehmen-unverzichtbar-sind-und-wie-wir-die-damit-verbundenen-anforderungen-umsetzen","status":"publish","type":"post","link":"https:\/\/www.astrum-it.de\/en\/warum-zertifizierungen-wie-iso-27001-9001-fuer-unternehmen-unverzichtbar-sind-und-wie-wir-die-damit-verbundenen-anforderungen-umsetzen\/","title":{"rendered":"Why certifications such as ISO 27001 and ISO 9001 are essential for businesses, and how we implement the associated requirements"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1456px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text 
fusion-text-1\"><p><strong>ISO 27001 in the Development Process \u2013 Security from the Start<\/strong><\/p>\n<p>Information security is not a one-time task, but an integral and urgently needed part of our development process. As part of our ISO 27001 implementation, we have therefore integrated a risk assessment based on the OWASP Top 10[1] directly into our workflow.<\/p>\n<ul>\n<li>In our planning process, we identify and document security risks even before development begins<\/li>\n<li>As soon as risks are identified, we assess their criticality using the Common Vulnerability Scoring System (CVSS). This internationally recognized standard allows us to prioritize security risks objectively and transparently. This ensures that particularly critical vulnerabilities are addressed quickly\u2014before they can impact our systems and, consequently, our customers.<\/li>\n<li>Through automated penetration tests, our software is scanned daily for potential security gaps and vulnerabilities.<\/li>\n<li>Third-party software we use also undergoes a daily, automated security check provided and verified by public authorities.<\/li>\n<\/ul>\n<p>In this way, we maintain a software development process that prioritizes security awareness on a daily basis and is continuously expanded and put into practice.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-3571\" src=\"https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-scaled.jpeg\" alt=\"\" width=\"2560\" height=\"1396\" srcset=\"https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-200x109.jpeg 200w, https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-400x218.jpeg 400w, https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-600x327.jpeg 600w, https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-768x419.jpeg 768w, 
https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-800x436.jpeg 800w, https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-1200x655.jpeg 1200w, https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-1536x838.jpeg 1536w, https:\/\/www.astrum-it.de\/wp-content\/uploads\/2025\/10\/AdobeStock_1620432457-scaled.jpeg 2560w\" sizes=\"(max-width: 2560px) 100vw, 2560px\" \/><\/p>\n<p><strong>ISO 9001 in the Development Process: Quality Through Clear Definitions and Processes<\/strong><\/p>\n<p>Implementing ISO 9001 in software development means not only adhering to quality standards, but also integrating them consistently and as seamlessly as possible into daily work processes. A key tool in this process is the Definition of Done (DoD), which ensures that tasks are not considered complete until all relevant quality guidelines have been met.<\/p>\n<p>In the development process, tasks are not simply declared \u201cdone.\u201d Instead, the Definition of Done specifies which steps are absolutely necessary to ensure quality. 
These include, among others:<\/p>\n<ul>\n<li><strong>Code review:<\/strong> Every change to the software is thoroughly reviewed and approved by several software developers before the next steps are initiated.<\/li>\n<li><strong>Issue Review<\/strong>: During a second review cycle, we verify that the functionality, documentation, automated tests, and test descriptions have been implemented in the best possible way for further development before they are handed over to the testing department for functional quality assurance.<\/li>\n<li><strong>Documentation of risk management measures:<\/strong> Identified qualitative risks and how they are managed are described in a proactive and transparent manner and, where necessary, are subject to separate reviews.<\/li>\n<li><strong>Implementation guidelines:<\/strong> Relevant information and procedures for implementing specific requirements are documented in detail to ensure traceability and knowledge transfer.<\/li>\n<\/ul>\n<p>These requirements are not merely theoretical guidelines; they are enforced and documented using our Jira software. This provides transparent evidence that processes are being followed.<\/p>\n<p><strong>Structured Approach to Bugs<\/strong><\/p>\n<p>In addition to the Definition of Done, there is a clearly defined process for handling bugs in the software. This includes:<\/p>\n<ul>\n<li><strong>Analysis and assessment of the bug<\/strong><\/li>\n<li><strong>Decision on (partial) software lockdowns<\/strong>, if necessary<\/li>\n<li><strong>Transparent communication to customers<\/strong> regarding impacts and measures<\/li>\n<\/ul>\n<p>This structured approach ensures that not only are bugs fixed, but transparency, trust, and reliability toward customers are also maintained.<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p>ISO 9001 (Quality Management) and ISO 27001 (Information Security Management) together provide a foundation for robust, resilient supply chains. 
While ISO 9001 standardizes processes and institutionalizes knowledge within the organization, ISO 27001 ensures that information and data remain protected throughout the supply chain. The result is greater transparency, trust, and quality\u2014not only internally but also in collaboration with customers, partners, and suppliers.<\/p>\n<p>For more information about our certifications, please visit our <a href=\"https:\/\/www.astrum-it.de\/en\/company\/certifications\/\" target=\"_blank\" rel=\"noopener\">Website<\/a>.<\/p>\n<p>[1] The OWASP Top 10 is a list of the ten most critical security risks for web applications, compiled by the Open Web Application Security Project (OWASP). It serves as a guide for developers, security experts, and organizations to identify and address the most common and dangerous vulnerabilities in web applications.<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":6,"featured_media":3566,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[118],"tags":[],"class_list":["post-4506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogbeitrag-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/posts\/4506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/comments?post=4506"}],"version-history":[{"count":2,"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/posts\/4506\/revisions"}],"predecessor-version":[{"id":4508,"href":"htt
ps:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/posts\/4506\/revisions\/4508"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/media\/3566"}],"wp:attachment":[{"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/media?parent=4506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/categories?post=4506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.astrum-it.de\/en\/wp-json\/wp\/v2\/tags?post=4506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}