Information security at simpleshow

simpleshow passed a TISAX assessment in 2019.

Penetration tests are carried out annually by an independent service provider.

TISAX (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism for the information security of companies that allows assessment results to be shared among the participants.

The report of the simpleshow assessment is available under the TISAX Scope ID SN6RL4.


The Information Security Assessment Test Catalogue comprises:


– Release of an Information Security Management System (ISMS)
– IS risk management
– Effectiveness of the ISMS
– Information security policy
– Assignment of responsibility for information security
– Information security in projects
– Mobile devices
– Roles and responsibilities at external IT service providers
– Contractual obligation to ensure the information security of employees
– Sensitization and training of employees
– Inventory
– Classification of information
– Storage of information on mobile data media
– Remove externally stored information assets
– Access to networks and network services
– User registration
– Privileged user accounts
– Confidentiality of authentication information
– Access to information and applications
– Separation of information in shared environments
– Encryption
– Security zones
– Protection against external influences and external threats
– Protective measures in the delivery and dispatch area
– Use of operating resources
– Change Management
– Separation of the development, test and production environment
– Protection against malware
– Information assurance (backup)
– Event logging
– Logging administration activities
– Tracking vulnerabilities (patch management)
– Verification of information systems
– Consideration of critical administrative functions of cloud services
– Network management
– Security requirements for networks/services
– Separation of networks (network segmentation)
– Electronic exchange of information
– Confidentiality agreements for the exchange of information with third parties
– Requirements for the procurement of information systems
– Security in the software development process
– Management of test data
– Assessment of external IT services